Merge pull request #2370 from mandiant/release/v730

bump to v7.3.0

Author: mr-tz

CHANGELOG.md

@@ -2,7 +2,43 @@
 
 ## master (unreleased)
 
-Unlock powerful malware analysis with capa's new [VMRay sandbox](https://www.vmray.com/) integration! Simply provide a VMRay analysis archive, and capa will automatically extract and match capabilties, streamlining your workflow.
+### New Features
+
+### Breaking Changes
+
+### New Rules (0)
+
+-
+
+### Bug Fixes
+
+### capa explorer IDA Pro plugin
+
+### Development
+
+### Raw diffs
+- [capa v7.3.0...master](https://github.com/mandiant/capa/compare/v7.3.0...master)
+- [capa-rules v7.3.0...master](https://github.com/mandiant/capa-rules/compare/v7.3.0...master)
+
+## v7.3.0
+This release comes with the following three major enhancements:
+
+### 1. Support for VMRay sandbox analysis archives
+Unlock powerful malware analysis with capa's new [VMRay sandbox](https://www.vmray.com/) integration! Simply provide a VMRay analysis archive, and capa will automatically extract and match capabilities to streamline your workflow. This is the second support for the analysis of dynamic analysis results after [CAPE](https://www.mandiant.com/resources/blog/dynamic-capa-executable-behavior-cape-sandbox).
+
+### 2. Support for BinExport files generated by Ghidra
+[BinExport](https://github.com/google/binexport) files store disassembled data into a Protocol Buffer format. capa now supports the analysis of BinExport files generated by Ghidra. Using Ghidra and the BinExport file format users can now analyze ARM (AARCH64) ELF files targeting Android.
+
+### 3. Introducing the capa rules website
+You can now browse capa's default rule set at https://mandiant.github.io/capa/rules. In modern terminals the CLI capa tool hyperlinks to resources on the web, including entries on the capa rules website.
+Furthermore, https://mandiant.github.io/capa provides a landing page for the capa tool project.
+
+### Additional updates
+- [capa Explorer Web](https://mandiant.github.io/capa/explorer/) received several enhancements and bug fixes.
+- Support for the IDA Pro 9.0 IDAPython API while keeping compatibility to older IDA Pro versions
+- Six rules have been added and two rules have been updated
+
+Thanks to @r-sm2024 for their contribution in https://github.com/mandiant/capa/pull/2155 and their further work. And of course a big thanks to the community for reporting issues, participating in discussions, and supporting the capa tool and capa rules.
 
 ### New Features
 - regenerate ruleset cache automatically on source change (only in dev mode) #2133 @s-ff
@@ -11,13 +47,10 @@ Unlock powerful malware analysis with capa's new [VMRay sandbox](https://www.vmr
 - add .justfile @williballenthin #2325
 - dynamic: add support for VMRay dynamic sandbox traces #2208 @mike-hunhoff @r-sm2024 @mr-tz
 - cli: use modern terminal features to hyperlink to the rules website #2337 @williballenthin
-- update IDAPython to IDA Pro 9.0 @mr-tz
 - support analyzing BinExport2 files generated by Ghidra #1950 @williballenthin @mehunhoff @mr-tz
 - add support for Android OS #1950 @williballenthin @mehunhoff @mr-tz
 - add support for aarch64 architecture via BinExport2 backend #1950 @williballenthin @mehunhoff @mr-tz
 
-### Breaking Changes
-
 ### New Rules (6)
 
 - linking/static/minhook/linked-against-minhook [email protected]
@@ -26,23 +59,21 @@ Unlock powerful malware analysis with capa's new [VMRay sandbox](https://www.vmr
 - host-interaction/network/traffic/filter/enumerate-network-filters-via-wfp-api [email protected]
 - nursery/check-thread-suspend-count-exceeded [email protected]
 - nursery/create-thread-bypassing-process-freeze [email protected]
--
 
 ### Bug Fixes
 
 - fix duplicate features shown in vverbose mode @williballenthin #2323
 - fix code path reference in linter @williballenthin #2350
 
 ### capa explorer IDA Pro plugin
-- fix byte search IDA Pro 7.5 compatability @mr-tz #2371
-
-### Development
+- update IDAPython to IDA Pro 9.0 @mr-tz
+- fix byte search IDA Pro 7.5 compatibility @mr-tz #2371
 
 ### Raw diffs
-- [capa v7.2.0...master](https://github.com/mandiant/capa/compare/v7.2.0...master)
-- [capa-rules v7.2.0...master](https://github.com/mandiant/capa-rules/compare/v7.2.0...master)
+- [capa v7.2.0...v7.3.0](https://github.com/mandiant/capa/compare/v7.2.0...v7.3.0)
+- [capa-rules v7.2.0...v7.3.0](https://github.com/mandiant/capa-rules/compare/v7.2.0...v7.3.0)
 
-### v7.2.0
+## v7.2.0
 capa v7.2.0 introduces a first version of capa explorer web: a web-based user interface to inspect capa results using your browser. Users can inspect capa result JSON documents in an online web instance or a standalone HTML page for offline usage. capa explorer supports interactive exploring of capa results to make it easier to understand them. Users can filter, sort, and see the details of all identified capabilities. capa explorer web was worked on by @s-ff as part of a [GSoC project](https://summerofcode.withgoogle.com/programs/2024/projects/cR3hjbsq), and it is available at https://mandiant.github.io/capa/explorer/#/.
 
 This release also adds a feature extractor for output from the DRAKVUF sandbox. Now, analysts can pass the resulting `drakmon.log` file to capa and extract capabilities from the artifacts captured by the sandbox. This feature extractor will also be added to the DRAKVUF sandbox as a post-processing script, and it was worked on by @yelhamer as part of a [GSoC project](https://summerofcode.withgoogle.com/programs/2024/projects/fCnBGuEC).

capa/version.py

@@ -5,7 +5,7 @@
 # Unless required by applicable law or agreed to in writing, software distributed under the License
 #  is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and limitations under the License.
-__version__ = "7.2.0"
+__version__ = "7.3.0"
 
 
 def get_major_version():