v3.0.3

Summary

Added: 8 rules
Modified: 446 rules
Renamed: 3 rules
Deleted: 2 rules

Detailed release changes: rules v3.0.2...v3.0.3

Added rules (8)

• collection/group-policy/discover-group-policy-via-gpresult.yml
• data-manipulation/encryption/encrypt-data-using-memfrob-from-glibc.yml
• host-interaction/bootloader/manipulate-safe-mode-programs.yml
• nursery/enable-safe-mode-boot.yml
• nursery/resolve-function-by-fnv-1a-hash.yml
• persistence/iis/persist-via-iis-module.yml
• persistence/iis/persist-via-isapi-extension.yml
• targeting/language/identify-system-language-via-api.yml

Modified rules (446)

• anti-analysis/anti-debugging/debugger-detection/check-for-debugger-via-api.yml
• anti-analysis/anti-debugging/debugger-detection/check-for-hardware-breakpoints.yml
• anti-analysis/anti-debugging/debugger-detection/check-for-kernel-debugger-via-shared-user-data-structure.yml
• anti-analysis/anti-debugging/debugger-detection/check-for-outputdebugstring-error.yml
• anti-analysis/anti-debugging/debugger-detection/check-for-peb-beingdebugged-flag.yml
• anti-analysis/anti-debugging/debugger-detection/check-for-peb-ntglobalflag-flag.yml
• anti-analysis/anti-debugging/debugger-detection/check-for-protected-handle-exception.yml
• anti-analysis/anti-debugging/debugger-detection/check-for-software-breakpoints.yml
• anti-analysis/anti-debugging/debugger-detection/check-for-time-delay-via-gettickcount.yml
• anti-analysis/anti-debugging/debugger-detection/check-for-time-delay-via-queryperformancecounter.yml
• anti-analysis/anti-debugging/debugger-detection/check-for-trap-flag-exception.yml
• anti-analysis/anti-debugging/debugger-detection/check-for-unexpected-memory-writes.yml
• anti-analysis/anti-debugging/debugger-detection/check-process-job-object.yml
• anti-analysis/anti-debugging/debugger-detection/check-processdebugport.yml
• anti-analysis/anti-debugging/debugger-detection/execute-anti-debugging-instructions.yml
• anti-analysis/anti-disasm/contain-anti-disasm-techniques.yml
• anti-analysis/anti-forensic/clear-logs/clear-the-windows-event-log.yml
• anti-analysis/anti-forensic/crash-the-windows-event-logging-service.yml
• anti-analysis/anti-forensic/patch-process-command-line.yml
• anti-analysis/anti-forensic/self-deletion/self-delete.yml
• anti-analysis/anti-forensic/timestomp/timestomp-file.yml
• anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings-targeting-parallels.yml
• anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings-targeting-qemu.yml
• anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings-targeting-virtualbox.yml
• anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings-targeting-virtualpc.yml
• anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings-targeting-vmware.yml
• anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings-targeting-xen.yml
• anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings.yml
• anti-analysis/obfuscation/string/stackstring/contain-obfuscated-stackstrings.yml
• anti-analysis/packer/amber/packed-with-amber.yml
• anti-analysis/packer/aspack/packed-with-aspack.yml
• anti-analysis/packer/confuser/packed-with-confuser.yml
• anti-analysis/packer/generic/packed-with-generic-packer.yml
• anti-analysis/packer/gopacker/packed-with-gopacker.yml
• anti-analysis/packer/pecompact/packed-with-pecompact.yml
• anti-analysis/packer/upx/packed-with-upx.yml
• anti-analysis/packer/vmprotect/packed-with-vmprotect.yml
• anti-analysis/reference-analysis-tools-strings.yml
• c2/file-transfer/download-and-write-a-file.yml
• c2/file-transfer/write-and-execute-a-file.yml
• c2/shell/create-reverse-shell.yml
• c2/shell/execute-shell-command-and-capture-output.yml
• collection/acquire-credentials-from-windows-credential-manager.yml
• collection/database/sql/reference-sql-statements.yml
• collection/database/wmi/reference-wmi-statements.yml
• collection/keylog/log-keystrokes-via-application-hook.yml
• collection/keylog/log-keystrokes-via-polling.yml
• collection/keylog/log-keystrokes.yml
• collection/network/get-mac-address-on-windows.yml
• collection/screenshot/capture-screenshot.yml
• communication/ftp/send/send-file-using-ftp-via-wininet.yml
• communication/http/client/connect-to-http-server.yml
• communication/http/client/connect-to-url.yml
• communication/http/client/create-http-request.yml
• communication/http/client/decompress-http-response-via-iencodingfilterfactory.yml
• communication/http/client/download-url-to-file.yml
• communication/http/client/extract-http-body.yml
• communication/http/client/get-http-document-via-iwebbrowser2.yml
• communication/http/client/get-http-response-content-encoding.yml
• communication/http/client/prepare-http-request.yml
• communication/http/client/read-data-from-internet.yml
• communication/http/client/receive-http-response.yml
• communication/http/client/send-file-via-http.yml
• communication/http/client/send-http-request.yml
• communication/http/initialize-iwebbrowser2.yml
• communication/http/initialize-winhttp-library.yml
• communication/http/read-http-header.yml
• communication/http/server/receive-http-request.yml
• communication/http/server/send-http-response.yml
• communication/http/server/start-http-server.yml
• communication/http/set-http-header.yml
• communication/icmp/send-icmp-echo-request.yml
• communication/named-pipe/connect/connect-pipe.yml
• communication/named-pipe/create/create-pipe.yml
• communication/named-pipe/create/create-two-anonymous-pipes.yml
• communication/named-pipe/read/read-pipe.yml
• communication/named-pipe/write/write-pipe.yml
• communication/receive-data.yml
• communication/send-data.yml
• communication/socket/get-socket-status.yml
• communication/socket/initialize-winsock-library.yml
• communication/socket/receive/receive-data-on-socket.yml
• communication/socket/send/send-data-on-socket.yml
• communication/socket/set-socket-configuration.yml
• communication/socket/tcp/connect-tcp-socket.yml
• communication/socket/tcp/create-tcp-socket.yml
• communication/socket/tcp/send/send-tcp-data-via-wfp-api.yml
• communication/socket/udp/send/create-udp-socket.yml
• communication/tcp/client/act-as-tcp-client.yml
• communication/tcp/serve/start-tcp-server.yml
• compiler/autoit/compiled-with-autoit.yml
• compiler/delphi/compiled-with-borland-delphi.yml
• compiler/go/compiled-with-go.yml
• compiler/mingw/compiled-with-mingw-for-windows.yml
• compiler/nim/compiled-with-nim.yml
• data-manipulation/checksum/adler32/compute-adler32-checksum.yml
• data-manipulation/checksum/crc32/hash-data-with-crc32.yml
• data-manipulation/compression/compress-data-via-winapi.yml
• data-manipulation/compression/decompress-data-using-aplib.yml
• data-manipulation/compression/decompress-data-via-iencodingfilterfactory.yml
• data-manipulation/encoding/base64/decode-data-using-base64-via-dword-translation-table.yml
• data-manipulation/encoding/base64/decode-data-using-base64-via-winapi.yml
• data-manipulation/encoding/base64/encode-data-using-base64-via-winapi.yml
• data-manipulation/encoding/base64/encode-data-using-base64.yml
• data-manipulation/encoding/base64/reference-base64-string.yml
• data-manipulation/encoding/xor/encode-data-using-xor.yml
• data-manipulation/encryption/aes/decrypt-data-using-aes-via-x86-extensions.yml
• data-manipulation/encryption/aes/encrypt-data-using-aes-via-net.yml
• data-manipulation/encryption/aes/encrypt-data-using-aes-via-winapi.yml
• data-manipulation/encryption/create-new-key-via-cryptacquirecontext.yml
• data-manipulation/encryption/dpapi/encrypt-data-using-dpapi.yml
• data-manipulation/encryption/elliptic-curve/encrypt-data-using-curve25519.yml
• data-manipulation/encryption/encrypt-or-decrypt-via-wincrypt.yml
• data-manipulation/encryption/get-outbound-credentials-handle-via-credssp.yml
• data-manipulation/encryption/import-public-key.yml
• data-manipulation/encryption/rc4/encrypt-data-using-rc4-ksa.yml
• data-manipulation/encryption/rc4/encrypt-data-using-rc4-prga.yml
• data-manipulation/encryption/rc4/encrypt-data-using-rc4-via-winapi.yml
• data-manipulation/encryption/rc6/encrypt-data-using-rc6.yml
• data-manipulation/encryption/rsa/reference-public-rsa-key.yml
• data-manipulation/hashing/fnv/hash-data-using-fnv.yml
• data-manipulation/hashing/hash-data-via-wincrypt.yml
• data-manipulation/hashing/md5/hash-data-with-md5.yml
• data-manipulation/hashing/murmur/hash-data-using-murmur3.yml
• data-manipulation/hashing/sha1/hash-data-using-sha1.yml
• data-manipulation/hashing/sha224/hash-data-using-sha224.yml
• data-manipulation/hashing/sha256/hash-data-using-sha256.yml
• data-manipulation/hmac/authenticate-hmac.yml
• data-manipulation/prng/generate-random-numbers-via-winapi.yml
• data-manipulation/prng/mersenne/generate-random-numbers-using-a-mersenne-twister.yml
• executable/pe/pdb/contains-pdb-path.yml
• executable/pe/section/rsrc/contain-a-resource-rsrc-section.yml
• executable/pe/section/tls/contain-a-thread-local-storage-tls-section.yml
• executable/resource/extract-resource-via-kernel32-functions.yml
• executable/subfile/pe/contain-an-embedded-pe-file.yml
• host-interaction/bootloader/disable-code-signing.yml
• host-interaction/bootloader/manipulate-boot-configuration.yml
• host-interaction/cli/accept-command-line-arguments.yml
• host-interaction/clipboard/open-clipboard.yml
• host-interaction/clipboard/read-clipboard-data.yml
• host-interaction/clipboard/replace-clipboard-data.yml
• host-interaction/clipboard/write-clipboard-data.yml
• host-interaction/console/manipulate-console.yml
• host-interaction/driver/disable-driver-code-integrity.yml
• host-interaction/driver/install-driver.yml
• host-interaction/driver/interact-with-driver-via-control-codes.yml
• host-interaction/environment-variable/get-comspec-environment-variable.yml
• host-interaction/environment-variable/query-environment-variable.yml
• host-interaction/environment-variable/set-environment-variable.yml
• host-interaction/file-system/bypass-mark-of-the-web.yml
• host-interaction/file-system/copy/copy-file.yml
• host-interaction/file-system/create/create-directory.yml
• host-interaction/file-system/delete/delete-directory.yml
• host-interaction/file-system/delete/delete-file.yml
• host-interaction/file-system/exists/check-if-file-exists.yml
• host-interaction/file-system/files/list/enumerate-files-on-linux.yml
• host-interaction/file-system/files/list/enumerate-files-via-kernel32-functions.yml
• host-interaction/file-system/files/list/enumerate-files-via-ntdll-functions.yml
• host-interaction/file-system/get-common-file-path.yml
• host-interaction/file-system/get-file-system-object-information.yml
• host-interaction/file-system/get-program-files-directory.yml
• host-interaction/file-system/meta/get-file-attributes.yml
• host-interaction/file-system/meta/get-file-size.yml
• host-interaction/file-system/meta/get-file-version-info.yml
• host-interaction/file-system/meta/set-file-attributes.yml
• host-interaction/file-system/move/move-file.yml
• host-interaction/file-system/read/read-file-on-windows.yml
• host-interaction/file-system/read/read-file-via-mapping.yml
• host-interaction/file-system/read/read-ini-file.yml
• host-interaction/file-system/windows-file-protection/bypass-windows-file-protection.yml
• host-interaction/file-system/write/write-file-on-windows.yml
• host-interaction/filter/register-minifilter-driver.yml
• host-interaction/filter/start-minifilter-driver.yml
• host-interaction/firewall/modify/access-firewall-settings-via-inetfwmgr.yml
• host-interaction/gui/console/set-console-window-title.yml
• host-interaction/gui/session/lock/lock-the-desktop.yml
• host-interaction/gui/set-application-hook.yml
• host-interaction/gui/taskbar/find/find-taskbar.yml
• host-interaction/gui/taskbar/hide/hide-the-windows-taskbar.yml
• host-interaction/gui/window/find/find-graphical-window.yml
• host-interaction/gui/window/get-text/get-graphical-window-text.yml
• host-interaction/gui/window/hide/hide-graphical-window.yml
• host-interaction/hardware/cdrom/manipulate-cd-rom-drive.yml
• host-interaction/hardware/cpu/get-cpu-information.yml
• host-interaction/hardware/cpu/get-number-of-processor-cores.yml
• host-interaction/hardware/cpu/get-number-of-processors.yml
• host-interaction/hardware/keyboard/simulate-ctrl-alt-del.yml
• host-interaction/hardware/memory/get-memory-capacity.yml
• host-interaction/hardware/mouse/swap-mouse-buttons.yml
• host-interaction/hardware/storage/enumerate-disk-properties.yml
• host-interaction/hardware/storage/get-disk-information.yml
• host-interaction/hardware/storage/get-disk-size.yml
• host-interaction/log/debug/write-event/print-debug-messages.yml
• host-interaction/log/winevt/access/access-the-windows-event-log.yml
• host-interaction/mutex/check-mutex-and-exit.yml
• host-interaction/mutex/check-mutex.yml
• host-interaction/mutex/create-mutex.yml
• host-interaction/network/address/get-local-ipv4-addresses.yml
• host-interaction/network/connectivity/check-internet-connectivity-via-wininet.yml
• host-interaction/network/dns/resolve/resolve-dns.yml
• host-interaction/network/domain/enumerate-domain-computers-via-ldap.yml
• host-interaction/network/interface/get-networking-interfaces.yml
• host-interaction/network/traffic/copy/copy-network-traffic.yml
• host-interaction/network/traffic/filter/register-network-filter-via-wfp-api.yml
• host-interaction/os/hostname/get-hostname.yml
• host-interaction/os/info/get-system-information-on-windows.yml
• host-interaction/os/shutdown-system.yml
• host-interaction/os/version/check-os-version.yml
• host-interaction/process/allocate-thread-local-storage.yml
• host-interaction/process/create/create-a-process-with-modified-io-handles-and-window.yml
• host-interaction/process/create/create-process-on-windows.yml
• host-interaction/process/create/create-process-suspended.yml
• host-interaction/process/dump/create-process-memory-minidump.yml
• host-interaction/process/get-process-heap-flags.yml
• host-interaction/process/get-process-heap-force-flags.yml
• host-interaction/process/inject/allocate-rwx-memory.yml
• host-interaction/process/inject/allocate-user-process-rwx-memory.yml
• host-interaction/process/inject/attach-user-process-memory.yml
• host-interaction/process/inject/free-user-process-memory.yml
• host-interaction/process/inject/hijack-thread-execution.yml
• host-interaction/process/inject/inject-apc.yml
• host-interaction/process/inject/inject-pe.yml
• host-interaction/process/inject/inject-thread.yml
• "host-interaction/process/inject/use-process-doppelg\303\244nging.yml"
• host-interaction/process/inject/use-process-replacement.yml
• host-interaction/process/list/enumerate-processes-on-remote-desktop-session-host.yml
• host-interaction/process/list/enumerate-processes.yml
• host-interaction/process/list/find-process-by-pid.yml
• host-interaction/process/list/get-explorer-pid.yml
• host-interaction/process/modify/acquire-debug-privileges.yml
• host-interaction/process/modify/modify-access-privileges.yml
• host-interaction/process/modules/list/enumerate-process-modules.yml
• host-interaction/process/set-thread-local-storage-value.yml
• host-interaction/process/terminate/terminate-process.yml
• host-interaction/registry/create-or-open-registry-key.yml
• host-interaction/registry/create/set-registry-value.yml
• host-interaction/registry/delete/delete-registry-key.yml
• host-interaction/registry/delete/delete-registry-value.yml
• host-interaction/registry/query-or-enumerate-registry-key.yml
• host-interaction/registry/query-or-enumerate-registry-value.yml
• host-interaction/service/create/create-service.yml
• host-interaction/service/delete/delete-service.yml
• host-interaction/service/list/enumerate-services.yml
• host-interaction/service/modify/modify-service.yml
• host-interaction/service/query-service-status.yml
• host-interaction/service/run-as-service.yml
• host-interaction/service/start/start-service.yml
• host-interaction/service/stop/stop-service.yml
• host-interaction/session/get-session-integrity-level.yml
• host-interaction/session/get-session-user-name.yml
• host-interaction/session/get-token-membership.yml
• host-interaction/session/get-user-security-identifier.yml
• host-interaction/thread/create/create-thread.yml
• host-interaction/thread/list/enumerate-threads.yml
• host-interaction/thread/terminate/terminate-thread.yml
• host-interaction/uac/bypass/bypass-uac-via-appinfo-alpc.yml
• host-interaction/uac/bypass/bypass-uac-via-icmluautil.yml
• host-interaction/uac/bypass/bypass-uac-via-token-manipulation.yml
• host-interaction/wmi/connect-to-wmi-namespace-via-wbemlocator.yml
• impact/inhibit-system-recovery/delete-volume-shadow-copies.yml
• impact/wipe-disk/wipe-mbr/overwrite-master-boot-record-mbr.yml
• internal/limitation/file/internal-autoit-file-limitation.yml
• internal/limitation/file/internal-dotnet-file-limitation.yml
• internal/limitation/file/internal-installer-file-limitation.yml
• internal/limitation/file/internal-packer-file-limitation.yml
• lib/calculate-modulo-256-via-x86-assembly.yml
• lib/contain-loop.yml
• lib/contain-pusha-popa-sequence.yml
• lib/create-or-open-file.yml
• lib/delay-execution.yml
• lib/get-service-handle.yml
• lib/peb-access.yml
• lib/write-process-memory.yml
• linking/runtime-linking/access-peb-ldr_data.yml
• linking/runtime-linking/get-kernel32-base-address.yml
• linking/runtime-linking/get-ntdll-base-address.yml
• linking/runtime-linking/link-function-at-runtime-on-windows.yml
• linking/runtime-linking/link-many-functions-at-runtime.yml
• linking/static/cryptopp/linked-against-crypto.yml
• linking/static/libcurl/linked-against-libcurl.yml
• linking/static/msdetours/linked-against-microsoft-detours.yml
• linking/static/openssl/linked-against-openssl.yml
• linking/static/polarssl/linked-against-polarsslmbed-tls.yml
• linking/static/zlib/linked-against-zlib.yml
• load-code/pe/access-pe-header.yml
• load-code/pe/inject-dll-reflectively.yml
• load-code/pe/parse-pe-header.yml
• load-code/shellcode/spawn-thread-to-rwx-shellcode.yml
• nursery/add-file-to-cabinet-file.yml
• nursery/add-user-account-group.yml
• nursery/add-user-account-to-group.yml
• nursery/add-user-account.yml
• nursery/build-docker-image.yml
• nursery/bypass-uac-via-scheduled-task-environment-variable.yml
• nursery/change-user-account-password.yml
• nursery/check-for-process-debug-object.yml
• nursery/check-license-value.yml
• nursery/check-processdebugflags.yml
• nursery/check-systemkerneldebuggerinformation.yml
• nursery/check-thread-yield-allowed.yml
• nursery/compare-security-identifiers.yml
• nursery/compiled-from-epl.yml
• nursery/connect-network-resource.yml
• nursery/create-container.yml
• nursery/create-restart-manager-session.yml
• nursery/create-shortcut-via-ishelllink.yml
• nursery/debug-build.yml
• nursery/decrypt-data-via-sspi.yml
• nursery/delete-internet-cache.yml
• nursery/delete-user-account-from-group.yml
• nursery/delete-user-account-group.yml
• nursery/delete-user-account.yml
• nursery/empty-the-recycle-bin.yml
• nursery/encrypt-data-using-aes-via-x86-extensions.yml
• nursery/encrypt-data-using-fakem-cipher.yml
• nursery/encrypt-data-using-salsa20-or-chacha.yml
• nursery/encrypt-data-via-sspi.yml
• nursery/encrypt-or-decrypt-data-via-bcrypt.yml
• nursery/enumerate-browser-history.yml
• nursery/enumerate-disk-volumes.yml
• nursery/enumerate-internet-cache.yml
• nursery/enumerate-network-shares.yml
• nursery/enumerate-system-firmware-tables.yml
• nursery/execute-shell-command-via-windows-remote-management.yml
• nursery/flush-cabinet-file.yml
• nursery/generate-random-numbers-using-the-delphi-lcg.yml
• nursery/get-client-handle-via-schannel.yml
• nursery/get-inbound-credentials-handle-via-credssp.yml
• nursery/get-installed-programs.yml
• nursery/get-networking-parameters.yml
• nursery/get-proxy.yml
• nursery/get-remote-cert-context-via-schannel.yml
• nursery/get-routing-table.yml
• nursery/get-session-information.yml
• nursery/get-socket-information.yml
• nursery/get-storage-device-properties.yml
• nursery/get-system-firmware-table.yml
• nursery/get-thread-local-storage-value.yml
• nursery/get-token-privileges.yml
• nursery/hash-data-using-crc32b.yml
• nursery/hash-data-using-md4.yml
• nursery/hash-data-using-murmur2.yml
• nursery/hash-data-using-sha1-via-wincrypt.yml
• nursery/hash-data-via-bcrypt.yml
• nursery/hide-thread-from-debugger.yml
• nursery/hook-routines-via-microsoft-detours.yml
• nursery/hooked-by-api-override.yml
• nursery/impersonate-user.yml
• nursery/initialize-hashing-via-wincrypt.yml
• nursery/inspect-load-icon-resource.yml
• nursery/linked-against-cpp-regex-library.yml
• nursery/linked-against-xzip.yml
• nursery/list-containers.yml
• nursery/list-domain-servers.yml
• nursery/list-drag-and-drop-files.yml
• nursery/list-groups-for-user-account.yml
• nursery/list-tcp-connections-and-listeners.yml
• nursery/list-udp-connections-and-listeners.yml
• nursery/list-user-account-groups.yml
• nursery/list-user-accounts-for-group.yml
• nursery/list-user-accounts.yml
• nursery/listen-for-remote-procedure-calls.yml
• nursery/load-windows-common-language-runtime.yml
• nursery/log-keystrokes-via-raw-input-data.yml
• nursery/make-an-http-request-with-a-cookie.yml
• nursery/migrate-process-to-active-window-station.yml
• nursery/mine-cryptocurrency.yml
• nursery/monitor-clipboard-content.yml
• nursery/monitor-local-ipv4-address-changes.yml
• nursery/open-cabinet-file.yml
• nursery/packaged-as-a-createinstall-installer.yml
• nursery/packaged-as-a-nsis-installer.yml
• nursery/packaged-as-a-pintool.yml
• nursery/packaged-as-a-winzip-self-extracting-archive.yml
• nursery/packaged-as-a-wise-installer.yml
• nursery/packaged-as-an-installshield-installer.yml
• nursery/packed-with-ccg.yml
• nursery/packed-with-crunch.yml
• nursery/packed-with-dragon-armor.yml
• nursery/packed-with-enigma.yml
• nursery/packed-with-epack.yml
• nursery/packed-with-maskpe.yml
• nursery/packed-with-mew.yml
• nursery/packed-with-mpress.yml
• nursery/packed-with-neolite.yml
• nursery/packed-with-pepack.yml
• nursery/packed-with-perplex.yml
• nursery/packed-with-procrypt.yml
• nursery/packed-with-rpcrypt.yml
• nursery/packed-with-seausfx.yml
• nursery/packed-with-shrinker.yml
• nursery/packed-with-simple-pack.yml
• nursery/packed-with-starforce.yml
• nursery/packed-with-svkp.yml
• nursery/packed-with-themida.yml
• nursery/packed-with-tsuloader.yml
• nursery/packed-with-vprotect.yml
• nursery/packed-with-wwpack.yml
• nursery/parse-url.yml
• nursery/prompt-user-for-credentials.yml
• nursery/query-remote-server-for-available-data.yml
• nursery/read-and-send-data-from-client-to-server.yml
• nursery/read-process-memory.yml
• nursery/read-raw-disk-data.yml
• nursery/rebuilt-by-imprec.yml
• nursery/receive-and-write-data-from-server-to-client.yml
• nursery/reference-114dns-dns-server.yml
• nursery/reference-aes-constants.yml
• nursery/reference-alidns-dns-server.yml
• nursery/reference-cloudflare-dns-server.yml
• nursery/reference-comodo-secure-dns-server.yml
• nursery/reference-google-public-dns-server.yml
• nursery/reference-hurricane-electric-dns-server.yml
• nursery/reference-kornet-dns-server.yml
• nursery/reference-l3-dns-server.yml
• nursery/reference-opendns-dns-server.yml
• nursery/reference-processor-manufacturer-constants.yml
• nursery/reference-quad9-dns-server.yml
• nursery/reference-screen-saver-executable.yml
• nursery/reference-startup-folder.yml
• nursery/reference-the-vmware-io-port.yml
• nursery/reference-verisign-dns-server.yml
• nursery/register-http-server-url.yml
• nursery/register-raw-input-devices.yml
• nursery/resize-volume-shadow-copy-storage.yml
• nursery/resolve-function-by-hash.yml
• nursery/run-in-container.yml
• nursery/run-powershell-expression.yml
• nursery/schedule-task-via-itaskservice.yml
• nursery/search-for-credit-card-data.yml
• nursery/send-http-request-with-host-header.yml
• nursery/set-global-application-hook.yml
• nursery/spoof-parent-pid.yml
• nursery/terminate-process-by-name.yml
• persistence/registry/persist-via-active-setup-registry-key.yml
• persistence/registry/run/persist-via-run-registry-key.yml
• persistence/scheduled-tasks/schedule-task-via-itaskscheduler.yml
• persistence/service/persist-via-windows-service.yml
• persistence/startup-folder/get-startup-folder.yml
• persistence/startup-folder/write-file-to-startup-folder.yml
• runtime/dotnet/compiled-to-the-net-platform.yml
• targeting/automated-teller-machine/diebold-nixdorf/load-diebold-nixdorf-atm-library.yml
• targeting/automated-teller-machine/diebold-nixdorf/reference-diebold-atm-routines.yml
• targeting/automated-teller-machine/identify-atm-dispenser-service-provider.yml
• targeting/automated-teller-machine/ncr/load-ncr-atm-library.yml
• targeting/automated-teller-machine/ncr/reference-ncr-atm-library-routines.yml

Renamed rules (3)

• host-interaction/hardware/keyboard/get-keyboard-layout.yml (was host-interaction/hardware/keyboard/layout/get-keyboard-layout.yml)
• host-interaction/recycle-bin/empty-recycle-bin-quietly.yml (was nursery/empty-recycle-bin-quietly.yml)
• nursery/append-data-to-clfs-log-container.yml (was host-interaction/log/clfs/append-data-to-clfs-log-container.yml)

Deleted rules (2)

• anti-analysis/anti-vm/vm-detection/execute-anti-vm-instructions.yml
• load-code/pe/parse-pe-exports.yml