This release improves a few aspects of dynamic analysis, for example by relaxing our validation of fields across many CAPE versions.
It also includes an updated rule pack in which many dynamic rules make better use of the "span of calls" scope.
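To illustrate what the "span of calls" scope means in practice, here is an added example rule in capa's YAML rule format. It is not one of the rules shipped in this release and does not come from the capa rule pack: the rule name, namespace, author and the two API names are placeholders chosen only to show the shape of a dynamic-only rule whose features must all appear within a window of consecutive calls in one thread, rather than anywhere in the whole thread or in a single call.

```yaml
# Illustrative rule, not part of the capa rule pack.
# Placeholder name, namespace, author and API names.
rule:
  meta:
    name: example write-then-execute sequence (placeholder)
    namespace: host-interaction/file-system/write
    authors:
      - placeholder@example.com
    scopes:
      # no static equivalent for this behaviour
      static: unsupported
      # all features below must match within a span of
      # nearby API calls in one thread, not just somewhere
      # in the thread (thread scope) or in one call (call scope)
      dynamic: span of calls
  features:
    - and:
      - api: kernel32.CreateFileW
      - api: kernel32.WriteFile
      - api: kernel32.CreateProcessW
```

Compared with `dynamic: thread`, the span-of-calls scope requires the matched calls to occur close together, which reduces coincidental matches in long-running threads; compared with `dynamic: call`, it still lets a rule describe a short sequence of distinct calls instead of a single one.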
New Rules (3)
- host-interaction/registry/change-registry-key-timestamp [email protected]
- host-interaction/mutex/check-mutex-and-terminate-process-on-windows @_re_fox [email protected] [email protected]
- anti-analysis/anti-forensic/clear-logs/clear-windows-event-logs-remotely [email protected]
Bug Fixes
- only parse CAPE fields required for analysis @mike-hunhoff #2607
- main: render result document without needing associated rules @williballenthin #2610
- vmray: only verify process OS and monitor IDs match @mike-hunhoff #2613
- render: don't assume prior matches exist within a thread @mike-hunhoff #2612