Jump to content

capa v3.0.3


Recommended Posts

v3.0.3 (2021-10-27)

This is primarily a rule maintenance release:

  • eight new rules, including all relevant techniques from ATT&CK v10, and
  • two rules removed, due to the prevalence of false positives

We've also tweaked the status codes returned by capa.exe to be more specific and added a bit more metadata to the JSON output format.

As always, welcome first time contributors!

New Features

New Rules (8)

Removed rules (2)

  • load-code/pe/parse-pe-exports: too many false positives in unrelated structure accesses
  • anti-analysis/anti-vm/vm-detection/execute-anti-vm-instructions: too many false positives in junk code

Bug Fixes

  • update references from FireEye to Mandiant

Raw diffs


Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...