v3.1.0

Summary

Added: 19 rules
Modified: 32 rules
Renamed: 3 rules
Deleted: 0 rules

Detailed release changes: rules v3.0.3...v3.1.0

Added rules (19)

• anti-analysis/packer/themida/packed-with-themida.yml
• data-manipulation/compression/decompress-data-using-ucl.yml
• host-interaction/process/inject/inject-shellcode-using-a-file-mapping-object.yml
• linking/static/wolfcrypt/linked-against-wolfcrypt.yml
• linking/static/wolfssl/linked-against-wolfssl.yml
• load-code/shellcode/execute-shellcode-via-copyfile2.yml
• load-code/shellcode/execute-shellcode-via-createthreadpoolwait.yml
• load-code/shellcode/execute-shellcode-via-enumuilanguages.yml
• load-code/shellcode/execute-shellcode-via-windows-fibers.yml
• malware-family/plugx/match-known-plugx-module.yml
• nursery/capture-webcam-video.yml
• nursery/create-registry-key-via-stdregprov.yml
• nursery/delete-registry-key-via-stdregprov.yml
• nursery/delete-registry-value-via-stdregprov.yml
• nursery/delete-windows-backup-catalog.yml
• nursery/disable-automatic-windows-recovery-features.yml
• nursery/query-or-enumerate-registry-key-via-stdregprov.yml
• nursery/query-or-enumerate-registry-value-via-stdregprov.yml
• nursery/set-registry-value-via-stdregprov.yml

Modified rules (32)

• anti-analysis/anti-forensic/patch-process-command-line.yml
• anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings-targeting-vmware.yml
• collection/browser/gather-firefox-profile-information.yml
• collection/get-current-user-on-linux.yml
• communication/dns/reference-dns-over-https-endpoints.yml
• communication/http/client/create-bits-job.yml
• communication/receive-data.yml
• communication/socket/tcp/send/obtain-transmitpackets-callback-function-via-wsaioctl.yml
• compiler/go/compiled-with-go.yml
• data-manipulation/compression/decompress-data-using-aplib.yml
• data-manipulation/hashing/md5/hash-data-with-md5.yml
• data-manipulation/hmac/authenticate-hmac.yml
• host-interaction/driver/disable-driver-code-integrity.yml
• host-interaction/environment-variable/get-comspec-environment-variable.yml
• host-interaction/file-system/change-file-permission-on-linux.yml
• host-interaction/file-system/move/move-file.yml
• host-interaction/file-system/read/read-file-via-mapping.yml
• host-interaction/filter/register-minifilter-driver.yml
• host-interaction/filter/start-minifilter-driver.yml
• host-interaction/gui/console/set-console-window-title.yml
• host-interaction/log/clfs/read-data-from-clfs-log-container.yml
• host-interaction/os/shutdown-system.yml
• host-interaction/process/dump/create-process-memory-minidump.yml
• host-interaction/recycle-bin/empty-recycle-bin-quietly.yml
• host-interaction/thread/list/enumerate-threads.yml
• lib/open-process.yml
• lib/open-thread.yml
• linking/runtime-linking/resolve-function-by-fin8-fasthash.yml
• load-code/pe/enumerate-pe-sections.yml
• load-code/pe/inspect-section-memory-permissions.yml
• load-code/pe/rebuild-import-table.yml
• load-code/shellcode/spawn-thread-to-rwx-shellcode.yml

Renamed rules (3)

• anti-analysis/anti-forensic/clear-logs/clear-windows-event-logs.yml (was anti-analysis/anti-forensic/clear-logs/clear-the-windows-event-log.yml)
• anti-analysis/packer/pespin/packed-with-pespin.yml (was nursery/packed-with-themida.yml)
• communication/http/client/download-url.yml (was communication/http/client/download-url-to-file.yml)