From c6c54c316f6a85db92ab312b29a8c5a20a294633 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Sep 2023 06:50:58 +0000 Subject: [PATCH 01/11] build(deps-dev): bump pyinstaller from 5.10.1 to 6.0.0 Bumps [pyinstaller](https://github.com/pyinstaller/pyinstaller) from 5.10.1 to 6.0.0. - [Release notes](https://github.com/pyinstaller/pyinstaller/releases) - [Changelog](https://github.com/pyinstaller/pyinstaller/blob/develop/doc/CHANGES.rst) - [Commits](https://github.com/pyinstaller/pyinstaller/compare/v5.10.1...v6.0.0) --- updated-dependencies: - dependency-name: pyinstaller dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 4f798eeb1..18c007890 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -96,7 +96,7 @@ dev = [ "types-protobuf==4.23.0.3", ] build = [ - "pyinstaller==5.10.1", + "pyinstaller==6.0.0", "setuptools==68.0.0", "build==1.0.3" ] From 8ea7708a38e8868d7992005d1de59ac3c57b5039 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Oct 2023 14:42:16 +0000 Subject: [PATCH 02/11] build(deps-dev): bump wcwidth from 0.2.6 to 0.2.8 Bumps [wcwidth](https://github.com/jquast/wcwidth) from 0.2.6 to 0.2.8. - [Release notes](https://github.com/jquast/wcwidth/releases) - [Commits](https://github.com/jquast/wcwidth/compare/0.2.6...0.2.8) --- updated-dependencies: - dependency-name: wcwidth dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 4f798eeb1..37c11426b 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -37,7 +37,7 @@ dependencies = [ "tabulate==0.9.0", "colorama==0.4.6", "termcolor==2.3.0", - "wcwidth==0.2.6", + "wcwidth==0.2.8", "ida-settings==2.1.0", "viv-utils[flirt]==0.7.9", "halo==0.0.31", From 0bdc727dce3be570dedcdb16f7ce9cc2d87ffbbe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Oct 2023 14:42:28 +0000 Subject: [PATCH 03/11] build(deps-dev): bump black from 23.7.0 to 23.9.1 Bumps [black](https://github.com/psf/black) from 23.7.0 to 23.9.1. - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](https://github.com/psf/black/compare/23.7.0...23.9.1) --- updated-dependencies: - dependency-name: black dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 4f798eeb1..93df7fc32 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -78,7 +78,7 @@ dev = [ "flake8-use-pathlib==0.3.0", "flake8-copyright==0.2.4", "ruff==0.0.291", - "black==23.7.0", + "black==23.9.1", "isort==5.11.4", "mypy==1.5.1", "psutil==5.9.2", From 0fbec49708a8642ba490c7f579726aee6aca8c76 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Oct 2023 14:42:40 +0000 Subject: [PATCH 04/11] build(deps-dev): bump flake8-bugbear from 23.7.10 to 23.9.16 Bumps [flake8-bugbear](https://github.com/PyCQA/flake8-bugbear) from 23.7.10 to 23.9.16. - [Release notes](https://github.com/PyCQA/flake8-bugbear/releases) - [Commits](https://github.com/PyCQA/flake8-bugbear/compare/23.7.10...23.9.16) --- updated-dependencies: - dependency-name: flake8-bugbear dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 4f798eeb1..283fd6cca 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -67,7 +67,7 @@ dev = [ "pytest-instafail==0.5.0", "pytest-cov==4.1.0", "flake8==6.1.0", - "flake8-bugbear==23.7.10", + "flake8-bugbear==23.9.16", "flake8-encodings==0.5.0.post1", "flake8-comprehensions==3.14.0", "flake8-logging-format==0.9.0", From 838205b37561379b679dd478302ddc620531f73e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Oct 2023 14:42:47 +0000 Subject: [PATCH 05/11] build(deps-dev): bump dnfile from 0.13.0 to 0.14.1 Bumps [dnfile](https://github.com/malwarefrank/dnfile) from 0.13.0 to 0.14.1. - [Changelog](https://github.com/malwarefrank/dnfile/blob/master/HISTORY.rst) - [Commits](https://github.com/malwarefrank/dnfile/compare/v0.13.0...v0.14.1) --- updated-dependencies: - dependency-name: dnfile dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 4f798eeb1..39ed4ef9e 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -46,7 +46,7 @@ dependencies = [ "vivisect==1.1.1", "pefile==2023.2.7", "pyelftools==0.30", - "dnfile==0.13.0", + "dnfile==0.14.1", "dncil==1.0.2", "pydantic==2.1.1", "protobuf==4.23.4", From 248a51c15f4cf4b94945f07ccd3914723a985ef7 Mon Sep 17 00:00:00 2001 From: Capa Bot Date: Tue, 10 Oct 2023 09:55:31 +0000 Subject: [PATCH 06/11] Sync capa rules submodule --- CHANGELOG.md | 3 ++- README.md | 2 +- rules | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 686c1cbea..f198514b0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,7 +10,7 @@ ### Breaking Changes -### New Rules (13) +### New Rules (14) - nursery/get-ntoskrnl-base-address @mr-tz - host-interaction/network/connectivity/set-tcp-connection-state @johnk3r @@ -25,6 +25,7 @@ - nursery/set-thread-name-on-linux michael.hunhoff@mandiant.com - load-code/dotnet/load-windows-common-language-runtime michael.hunhoff@mandiant.com blas.kojusner@mandiant.com jakub.jozwiak@mandiant.com - nursery/log-keystrokes-via-input-method-manager @mr-tz +- nursery/encrypt-data-using-rc4-via-systemfunction032 richard.weiss@mandiant.com - ### Bug Fixes diff --git a/README.md b/README.md index c49bcf731..00230c519 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/flare-capa)](https://pypi.org/project/flare-capa) [![Last release](https://img.shields.io/github/v/release/mandiant/capa)](https://github.com/mandiant/capa/releases) -[![Number of rules](https://img.shields.io/badge/rules-843-blue.svg)](https://github.com/mandiant/capa-rules) +[![Number of rules](https://img.shields.io/badge/rules-844-blue.svg)](https://github.com/mandiant/capa-rules) [![CI status](https://github.com/mandiant/capa/workflows/CI/badge.svg)](https://github.com/mandiant/capa/actions?query=workflow%3ACI+event%3Apush+branch%3Amaster) [![Downloads](https://img.shields.io/github/downloads/mandiant/capa/total)](https://github.com/mandiant/capa/releases) [![License](https://img.shields.io/badge/license-Apache--2.0-green.svg)](LICENSE.txt) diff --git a/rules b/rules index e45469908..5f579460f 160000 --- a/rules +++ b/rules @@ -1 +1 @@ -Subproject commit e4546990828f5425d0e430cc02f70897f16bfb82 +Subproject commit 5f579460f5e1dcfac1b0950e31ec02e4d4fa2904 From 5d66a389d3dfa36a79f13012e43e134832fdc652 Mon Sep 17 00:00:00 2001 From: Capa Bot Date: Tue, 10 Oct 2023 10:09:36 +0000 Subject: [PATCH 07/11] Sync capa rules submodule --- rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules b/rules index 5f579460f..330d0f961 160000 --- a/rules +++ b/rules @@ -1 +1 @@ -Subproject commit 5f579460f5e1dcfac1b0950e31ec02e4d4fa2904 +Subproject commit 330d0f9612d3c0baea44c549288d020bb7f177d1 From cd268d6327f59c682ccc9bddd5627c3860b45c77 Mon Sep 17 00:00:00 2001 From: Capa Bot Date: Tue, 10 Oct 2023 13:34:52 +0000 Subject: [PATCH 08/11] Sync capa rules submodule --- CHANGELOG.md | 3 ++- README.md | 2 +- rules | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f198514b0..4e24c7060 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,7 +10,7 @@ ### Breaking Changes -### New Rules (14) +### New Rules (15) - nursery/get-ntoskrnl-base-address @mr-tz - host-interaction/network/connectivity/set-tcp-connection-state @johnk3r @@ -26,6 +26,7 @@ - load-code/dotnet/load-windows-common-language-runtime michael.hunhoff@mandiant.com blas.kojusner@mandiant.com jakub.jozwiak@mandiant.com - nursery/log-keystrokes-via-input-method-manager @mr-tz - nursery/encrypt-data-using-rc4-via-systemfunction032 richard.weiss@mandiant.com +- nursery/add-value-to-global-atom-table @mr-tz - ### Bug Fixes diff --git a/README.md b/README.md index 00230c519..0c5c9a30e 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/flare-capa)](https://pypi.org/project/flare-capa) [![Last release](https://img.shields.io/github/v/release/mandiant/capa)](https://github.com/mandiant/capa/releases) -[![Number of rules](https://img.shields.io/badge/rules-844-blue.svg)](https://github.com/mandiant/capa-rules) +[![Number of rules](https://img.shields.io/badge/rules-845-blue.svg)](https://github.com/mandiant/capa-rules) [![CI status](https://github.com/mandiant/capa/workflows/CI/badge.svg)](https://github.com/mandiant/capa/actions?query=workflow%3ACI+event%3Apush+branch%3Amaster) [![Downloads](https://img.shields.io/github/downloads/mandiant/capa/total)](https://github.com/mandiant/capa/releases) [![License](https://img.shields.io/badge/license-Apache--2.0-green.svg)](LICENSE.txt) diff --git a/rules b/rules index 330d0f961..54e3a1d3d 160000 --- a/rules +++ b/rules @@ -1 +1 @@ -Subproject commit 330d0f9612d3c0baea44c549288d020bb7f177d1 +Subproject commit 54e3a1d3dd80ebe184dc06779879996e62f065ba From f85ea915bfd3d41f2afecb1c3a39f7d1edc96850 Mon Sep 17 00:00:00 2001 From: Moritz Date: Wed, 11 Oct 2023 12:29:18 +0200 Subject: [PATCH 09/11] Update pyinstaller.spec --- .github/pyinstaller/pyinstaller.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/pyinstaller/pyinstaller.spec b/.github/pyinstaller/pyinstaller.spec index 7d90e9668..f103ba16e 100644 --- a/.github/pyinstaller/pyinstaller.spec +++ b/.github/pyinstaller/pyinstaller.spec @@ -79,7 +79,7 @@ exe = EXE( name="capa", icon="logo.ico", debug=False, - strip=None, + strip=False, upx=True, console=True, ) From 40ba6679f0851ff8d36c7a08b56cb829775bef77 Mon Sep 17 00:00:00 2001 From: Capa Bot Date: Wed, 11 Oct 2023 14:36:05 +0000 Subject: [PATCH 10/11] Sync capa-testfiles submodule --- tests/data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/data b/tests/data index 87bd888e1..d5a4ab13c 160000 --- a/tests/data +++ b/tests/data @@ -1 +1 @@ -Subproject commit 87bd888e1984a1e9f9ab8e63b8707794392f3156 +Subproject commit d5a4ab13cc448945318b08fb4dbb8ad697affe07 From 77de088ac90d97d736091c43474eb2cf41711a3d Mon Sep 17 00:00:00 2001 From: Capa Bot Date: Thu, 12 Oct 2023 09:01:30 +0000 Subject: [PATCH 11/11] Sync capa rules submodule --- CHANGELOG.md | 3 ++- README.md | 2 +- rules | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e24c7060..c28d9f9ee 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,7 +10,7 @@ ### Breaking Changes -### New Rules (15) +### New Rules (16) - nursery/get-ntoskrnl-base-address @mr-tz - host-interaction/network/connectivity/set-tcp-connection-state @johnk3r @@ -27,6 +27,7 @@ - nursery/log-keystrokes-via-input-method-manager @mr-tz - nursery/encrypt-data-using-rc4-via-systemfunction032 richard.weiss@mandiant.com - nursery/add-value-to-global-atom-table @mr-tz +- nursery/enumerate-processes-that-use-resource @Ana06 - ### Bug Fixes diff --git a/README.md b/README.md index 0c5c9a30e..aa1306ce0 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/flare-capa)](https://pypi.org/project/flare-capa) [![Last release](https://img.shields.io/github/v/release/mandiant/capa)](https://github.com/mandiant/capa/releases) -[![Number of rules](https://img.shields.io/badge/rules-845-blue.svg)](https://github.com/mandiant/capa-rules) +[![Number of rules](https://img.shields.io/badge/rules-846-blue.svg)](https://github.com/mandiant/capa-rules) [![CI status](https://github.com/mandiant/capa/workflows/CI/badge.svg)](https://github.com/mandiant/capa/actions?query=workflow%3ACI+event%3Apush+branch%3Amaster) [![Downloads](https://img.shields.io/github/downloads/mandiant/capa/total)](https://github.com/mandiant/capa/releases) [![License](https://img.shields.io/badge/license-Apache--2.0-green.svg)](LICENSE.txt) diff --git a/rules b/rules index 54e3a1d3d..c67c2ffda 160000 --- a/rules +++ b/rules @@ -1 +1 @@ -Subproject commit 54e3a1d3dd80ebe184dc06779879996e62f065ba +Subproject commit c67c2ffda2b24ea5f343f953763719ff79bdc45e