Rename architecture-specific rules and update rule names inside YAML files #1011
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: check for PEB NtGlobalFlag flag via x86 assembly | ||
| namespace: anti-analysis/anti-debugging/debugger-detection | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: check for trap flag exception via x86 assembly | ||
| namespace: anti-analysis/anti-debugging/debugger-detection | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: execute anti-debugging instructions via x86 assembly | ||
| namespace: anti-analysis/anti-debugging/debugger-detection | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: 64-bit execution via heavens gate via x86 assembly | ||
| namespace: anti-analysis/anti-disasm | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: patch process command line via x86 assembly | ||
| namespace: anti-analysis/anti-forensic | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: obtain TransmitPackets callback function via WSAIoctl via x86 assembly | ||
| namespace: communication/socket/tcp/send | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: compute adler32 checksum via x86 assembly | ||
| namespace: data-manipulation/checksum/adler32 | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: hash data with CRC32 via x86 assembly | ||
| namespace: data-manipulation/checksum/crc32 | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: decompress data using UCL via x86 assembly | ||
| namespace: data-manipulation/compression | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: decode data using Base64 via dword translation table via x86 assembly | ||
| namespace: data-manipulation/encoding/base64 | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: manually build AES constants via x86 assembly | ||
| namespace: data-manipulation/encryption/aes | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| # generated using capa explorer for IDA Pro | ||
| rule: | ||
| meta: | ||
| name: encrypt data using HC-128 via WolfSSL via x86 assembly | ||
| namespace: data-manipulation/encryption/hc-128 | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: encrypt data using HC-128 via x86 assembly | ||
| namespace: data-manipulation/encryption/hc-128 | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: encrypt data using RC4 KSA via x86 assembly | ||
| namespace: data-manipulation/encryption/rc4 | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: encrypt data using RC4 PRGA via x86 assembly | ||
| namespace: data-manipulation/encryption/rc4 | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: encrypt data using Sosemanuk via x86 assembly | ||
| namespace: data-manipulation/encryption/sosemanuk | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: decrypt data using TEA via x86 assembly | ||
| namespace: data-manipulation/encryption/tea | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: encrypt data using TEA via x86 assembly | ||
| namespace: data-manipulation/encryption/tea | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: encrypt data using XXTEA via x86 assembly | ||
| namespace: data-manipulation/encryption/xxtea | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: hash data using djb2 via x86 assembly | ||
| namespace: data-manipulation/hashing/djb2 | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: hash data using fnv via x86 assembly | ||
| namespace: data-manipulation/hashing/fnv | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: hash data using murmur3 via x86 assembly | ||
| namespace: data-manipulation/hashing/murmur | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: get number of processors via x86 assembly | ||
|
There was a problem hiding this comment. There is branch that does not use x86 assembly, please revert. There was a problem hiding this comment.
My bad! I oversaw the last statement. Will revert it back |
||
| namespace: host-interaction/hardware/cpu | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: create a process with modified I/O handles and window via x86 assembly | ||
| namespace: host-interaction/process/create | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: create process on Linux via x86 assembly | ||
| namespace: host-interaction/process/create | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: get process filename via x86 assembly | ||
| namespace: host-interaction/process | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: get process heap flags via x86 assembly | ||
| namespace: host-interaction/process | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: get process heap force flags via x86 assembly | ||
| namespace: host-interaction/process | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| # generated using capa explorer for IDA Pro | ||
| rule: | ||
| meta: | ||
| name: connect to WMI namespace via WbemLocator via x86 assembly | ||
| namespace: host-interaction/wmi | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: calculate modulo 256 via x86 assembly via x86 assembly | ||
| authors: | ||
| - [email protected] | ||
| lib: true | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: contain pusha popa sequence via x86 assembly | ||
| authors: | ||
| - [email protected] | ||
| lib: true | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: get OS version via x86 assembly | ||
| authors: | ||
| - "@mr-tz" | ||
| lib: true | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: PEB access via x86 assembly | ||
| authors: | ||
| - [email protected] | ||
| lib: true | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: access PEB ldr_data via x86 assembly | ||
| namespace: linking/runtime-linking | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: get kernel32 base address via x86 assembly | ||
| namespace: linking/runtime-linking | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: get ntdll base address via x86 assembly | ||
| namespace: linking/runtime-linking | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: populate SysWhispers2 syscall list via x86 assembly | ||
| namespace: linking/runtime-linking | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: resolve function by Brute Ratel Badger hash via x86 assembly | ||
| namespace: linking/runtime-linking | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: linked against OpenSSL via x86 assembly | ||
| namespace: linking/static/openssl | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: enumerate PE sections via x86 assembly | ||
| namespace: load-code/pe | ||
| authors: | ||
| - "@Ana06" | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: parse PE header via x86 assembly | ||
| namespace: load-code/pe | ||
| authors: | ||
| - [email protected] | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: rebuild import table via x86 assembly | ||
| namespace: load-code/pe | ||
| authors: | ||
| - "@Ana06" | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| rule: | ||
| meta: | ||
| name: decode data using Base64 via VBMI lookup table via x86 assembly | ||
| namespace: data-manipulation/encoding/base64 | ||
| authors: | ||
| - [email protected] | ||
|
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.