v1.4.0

Summary

Added: 69 rules
Modified: 96 rules
Renamed: 0 rules
Deleted: 0 rules

Detailed release changes: rules v1.3.0...v1.4.0

Added rules (69)

• anti-analysis/anti-forensic/clear-logs/clear-the-windows-event-log.yml
• anti-analysis/anti-forensic/crash-the-windows-event-logging-service.yml
• anti-analysis/packer/kkrunchy/packed-with-kkrunchy.yml
• anti-analysis/packer/nspack/packed-with-nspack.yml
• anti-analysis/packer/pebundle/packed-with-pebundle.yml
• anti-analysis/packer/pelocknt/packed-with-pelocknt.yml
• anti-analysis/packer/peshield/packed-with-peshield.yml
• anti-analysis/packer/petite/packed-with-petite.yml
• anti-analysis/packer/rlpack/packed-with-rlpack.yml
• anti-analysis/packer/upack/packed-with-upack.yml
• anti-analysis/packer/y0da/packed-with-y0da-crypter.yml
• compiler/rust/compiled-with-rust.yml
• data-manipulation/checksum/adler32/compute-adler32-checksum.yml
• data-manipulation/encryption/hc-128/encrypt-data-using-hc-128.yml
• host-interaction/console/manipulate-console.yml
• host-interaction/gui/logon/references-logon-banner.yml
• host-interaction/process/terminate/terminate-process-via-fastfail.yml
• impact/inhibit-system-recovery/delete-volume-shadow-copies.yml
• nursery/authenticate-hmac.yml
• nursery/compiled-from-epl.yml
• nursery/compiled-with-go.yml
• nursery/create-restart-manager-session.yml
• nursery/decode-data-using-base64-via-winapi.yml
• nursery/empty-recycle-bin-quietly.yml
• nursery/enumerate-network-shares.yml
• nursery/hook-routines-via-microsoft-detours.yml
• nursery/hooked-by-api-override.yml
• nursery/impersonate-user.yml
• nursery/packaged-as-a-createinstall-installer.yml
• nursery/packaged-as-a-pintool.yml
• nursery/packaged-as-a-winzip-self-extracting-archive.yml
• nursery/packed-with-ccg.yml
• nursery/packed-with-crunch.yml
• nursery/packed-with-dragon-armor.yml
• nursery/packed-with-enigma.yml
• nursery/packed-with-epack.yml
• nursery/packed-with-maskpe.yml
• nursery/packed-with-mew.yml
• nursery/packed-with-mpress.yml
• nursery/packed-with-neolite.yml
• nursery/packed-with-pecompact.yml
• nursery/packed-with-pepack.yml
• nursery/packed-with-perplex.yml
• nursery/packed-with-procrypt.yml
• nursery/packed-with-rpcrypt.yml
• nursery/packed-with-seausfx.yml
• nursery/packed-with-shrinker.yml
• nursery/packed-with-simple-pack.yml
• nursery/packed-with-starforce.yml
• nursery/packed-with-svkp.yml
• nursery/packed-with-themida.yml
• nursery/packed-with-tsuloader.yml
• nursery/packed-with-vprotect.yml
• nursery/packed-with-wwpack.yml
• nursery/rebuilt-by-imprec.yml
• nursery/reference-114dns-dns-server.yml
• nursery/reference-alidns-dns-server.yml
• nursery/reference-cloudflare-dns-server.yml
• nursery/reference-comodo-secure-dns-server.yml
• nursery/reference-dns-over-https-endpoints.yml
• nursery/reference-google-public-dns-server.yml
• nursery/reference-hurricane-electric-dns-server.yml
• nursery/reference-kornet-dns-server.yml
• nursery/reference-l3-dns-server.yml
• nursery/reference-opendns-dns-server.yml
• nursery/reference-quad9-dns-server.yml
• nursery/reference-verisign-dns-server.yml
• nursery/run-as-service.yml
• nursery/schedule-task-via-itaskservice.yml

Modified rules (96)

• anti-analysis/anti-debugging/debugger-detection/check-for-trap-flag-exception.yml
• anti-analysis/packer/aspack/packed-with-aspack.yml
• anti-analysis/packer/vmprotect/packed-with-vmprotect.yml
• c2/file-transfer/download-and-write-a-file.yml
• c2/file-transfer/write-and-execute-a-file.yml
• c2/shell/create-reverse-shell.yml
• collection/browser/gather-firefox-profile-information.yml
• collection/credit-card/parse-credit-card-information.yml
• collection/keylog/log-keystrokes-via-application-hook.yml
• collection/keylog/log-keystrokes-via-polling.yml
• collection/network/capture-network-configuration-via-ipconfig.yml
• collection/screenshot/capture-screenshot.yml
• communication/ftp/send/send-file-using-ftp-via-wininet.yml
• communication/http/client/connect-to-http-server.yml
• communication/http/client/connect-to-url.yml
• communication/http/client/create-http-request.yml
• communication/http/client/decompress-http-response-via-iencodingfilterfactory.yml
• communication/http/client/download-url-to-file.yml
• communication/http/client/extract-http-body.yml
• communication/http/client/get-http-document-via-iwebbrowser2.yml
• communication/http/client/get-http-response-content-encoding.yml
• communication/http/client/prepare-http-request.yml
• communication/http/client/read-data-from-internet.yml
• communication/http/client/receive-http-response.yml
• communication/http/client/send-file-via-http.yml
• communication/http/client/send-http-request.yml
• communication/http/initialize-iwebbrowser2.yml
• communication/http/initialize-winhttp-library.yml
• communication/http/read-http-header.yml
• communication/http/server/receive-http-request.yml
• communication/http/server/send-http-response.yml
• communication/http/server/start-http-server.yml
• communication/http/set-http-header.yml
• communication/icmp/send-icmp-echo-request.yml
• communication/named-pipe/connect/connect-pipe.yml
• communication/named-pipe/create/create-pipe.yml
• communication/named-pipe/create/create-two-anonymous-pipes.yml
• communication/named-pipe/read/read-pipe.yml
• communication/named-pipe/write/write-pipe.yml
• communication/receive-data.yml
• communication/send-data.yml
• communication/socket/get-socket-status.yml
• communication/socket/initialize-winsock-library.yml
• communication/socket/receive/receive-data-on-socket.yml
• communication/socket/send/send-data-on-socket.yml
• communication/socket/set-socket-configuration.yml
• communication/socket/tcp/connect-tcp-socket.yml
• communication/socket/tcp/create-tcp-socket.yml
• communication/socket/tcp/send/send-tcp-data-via-wfp-api.yml
• communication/socket/udp/send/create-udp-socket.yml
• communication/tcp/client/act-as-tcp-client.yml
• communication/tcp/serve/start-tcp-server.yml
• data-manipulation/checksum/crc32/hash-data-with-crc32.yml
• data-manipulation/checksum/luhn/validate-credit-card-number-using-luhn-algorithm.yml
• data-manipulation/compression/compress-data-via-winapi.yml
• data-manipulation/compression/decompress-data-using-quicklz.yml
• data-manipulation/compression/decompress-data-via-iencodingfilterfactory.yml
• data-manipulation/encoding/base64/encode-data-using-base64.yml
• data-manipulation/encoding/base64/reference-base64-string.yml
• data-manipulation/encoding/xor/encode-data-using-xor.yml
• data-manipulation/encryption/aes/decrypt-data-using-aes-via-x86-extensions.yml
• data-manipulation/encryption/aes/encrypt-data-using-aes-via-net.yml
• data-manipulation/encryption/aes/encrypt-data-using-aes-via-winapi.yml
• data-manipulation/encryption/aes/encrypt-data-using-aes-via-x86-extensions.yml
• data-manipulation/encryption/blowfish/encrypt-data-using-blowfish.yml
• data-manipulation/encryption/camellia/encrypt-data-using-camellia.yml
• data-manipulation/encryption/des/encrypt-data-using-des-via-winapi.yml
• data-manipulation/encryption/des/encrypt-data-using-des.yml
• data-manipulation/encryption/dpapi/encrypt-data-using-dpapi.yml
• data-manipulation/encryption/encrypt-or-decrypt-via-wincrypt.yml
• data-manipulation/encryption/import-public-key.yml
• data-manipulation/encryption/rc4/encrypt-data-using-rc4-ksa.yml
• data-manipulation/encryption/rc4/encrypt-data-using-rc4-prga.yml
• data-manipulation/encryption/rc4/encrypt-data-using-rc4-via-winapi.yml
• data-manipulation/encryption/rc6/encrypt-data-using-rc6.yml
• data-manipulation/encryption/rsa/reference-public-rsa-key.yml
• data-manipulation/encryption/skipjack/encrypt-data-using-skipjack.yml
• data-manipulation/encryption/sosemanuk/encrypt-data-using-sosemanuk.yml
• data-manipulation/encryption/twofish/encrypt-data-using-twofish.yml
• data-manipulation/hashing/hash-data-via-wincrypt.yml
• data-manipulation/hashing/murmur/hash-data-using-murmur3.yml
• data-manipulation/hashing/sha1/hash-data-using-sha1.yml
• data-manipulation/hashing/sha224/hash-data-using-sha224.yml
• data-manipulation/hashing/sha256/hash-data-using-sha256.yml
• data-manipulation/hashing/tiger/hash-data-using-tiger.yml
• data-manipulation/prng/mersenne/generate-random-numbers-using-a-mersenne-twister.yml
• executable/pe/run-as-a-service.yml
• host-interaction/thread/create/create-thread.yml
• lib/validate-credit-card-number-using-luhn-algorithm-with-lookup-table.yml
• lib/validate-credit-card-number-using-luhn-algorithm-with-no-lookup-table.yml
• load-code/pe/parse-pe-header.yml
• nursery/encode-data-using-base64-via-winapi.yml
• nursery/encrypt-data-using-salsa20-or-chacha.yml
• nursery/packaged-as-a-nsis-installer.yml
• persistence/registry/run/persist-via-run-registry-key.yml
• persistence/startup-folder/write-file-to-startup-folder.yml