Releases: chainguard-dev/malcontent
v0.13.0
Tool Improvements
- Add new --min-*-risk flags, obsolete --min-level by @tstromberg in #249
- Clean up displayed paths when encountering archives by @egibs in #217
- Ignore empty root strings when choosing output format by @egibs in #235
- Miscellaneous tweaks, additions, and performance improvements by @egibs in #236
- Remove leading @ from Author value by @tstromberg in #239
- Recursive: return first YARA parse error instead of last by @tstromberg in #248
Rule Improvements
- Add support for github.com/InQuest/yara-rules-vt by @tstromberg in #250
- Add Kiteshield rule by @egibs in #240
- Improve rules based on Kaiji analysis by @tstromberg in #226
- Update YARAForge and threat_hunting rules, fix issues in update script by @tstromberg in #241
- Improve Python detection for xFileSyncerx style attacks by @tstromberg in #244
- Remove dodgy php_hidden_eval rule by @tstromberg in #243
Developer Improvements
- Add tests for new functionality by @egibs in #215
- Replace Behavior map with slice by @egibs in #228
- Makefile: add 'refresh-sample-testdata' rule by @tstromberg in #246
Full Changelog: v0.12.0...v0.13.0
v0.12.0
Tool Improvements
- Add profiling to help with OOM/performance investigations by @egibs in #207
- Add support for Ruby Gem files by @egibs in #205
- Add version support by @egibs in #210
- Only calculate moves for shared objects by @jonjohnsonjr in #222
- Add -o flag to set output destination by @tstromberg in #220
- Reduce memory usage by 30% through use of pointers by @tstromberg in #211
- make archive extraction problems non-fatal by @tstromberg in #200
- Exclude skipped files from scanning percentages by @tstromberg in #201
Rule Improvements
- Refactor how we handle third_party rules by @tstromberg in #195
- Improve detection for Python setuptools backdoors by @tstromberg in #164
- Update YARAForge from 20240505 to 20240512 by @tstromberg in #225
- Add yara rule to detect bincapz binaries other than ourselves by @tstromberg in #198
- Disable poorly performing rules, including those with warnings by @tstromberg in #196
- Cleanup ThreatHunting Keywords support by @tstromberg in #199
- Add expected hashes to all MEDIUM+ rules, add YARA-CI by @tstromberg in #203
Developer Improvements
- simple output: properly handle skipped (data) files by @tstromberg in #221
New Contributors
- @jonjohnsonjr made their first contribution in #222
Full Changelog: v0.11.0...v0.12.0
v0.11.0
What's Changed
We're on the road to v1.0.0: #173
Tool Improvements
- Add support for archives within directories by @egibs in #174
- Ignore the bincapz binary by default by @egibs in #167
- Make --ignore-self more precise by @tstromberg in #194
- Import rule URLs, add them to markdown & JSON output by @tstromberg in #165
Rule Improvements
- Add ThreatHunting-Keywords-yara-rules by @egibs in #160
- Add rule to detect references to GitHub comment attachments by @tstromberg in #166
- Improve rules based on LightSpy + add Huntress to third_party by @tstromberg in #169
- Mask Chrome extension IDs in threat-hunting keyword list by @tstromberg in #177
- Rule improvements based on temporal analysis by @tstromberg in #175
- powershell: detect verbose hidden incantation by @tstromberg in #163
- python/shell rule improvements based on UPSTYLE analysis by @tstromberg in #126
Development Improvements
- remove release job, it does not work as is and needs more things by @cpanato in #179
- Use go.mod for setup-go; update golangci-lint by @egibs in #186
- fix reversed got/want in integration test diffs by @tstromberg in #193
- actions: reduce unnecessary lint noise for non-code files by @tstromberg in #152
Full Changelog: v0.10.0...v0.11.0
v0.10.0
What's Changed
Tool Improvements
- Add --stats capabilities to display run statistics by @egibs in #121
- Add support for OCI images by @egibs in #124
- Add support for archives by @egibs in #144
- Add count + total statistics by @egibs in #153
- terminal improvements: add evidence column back, make diff more obvious by @tstromberg in #143
- terminal: dynamically scale output (again) by @tstromberg in #158
- markdown: Add evidence column, hide metadata rows by @tstromberg in #156
- markdown diff: split add/remove tables by @tstromberg in #159
Rule Improvements
- Add /dev/ rule by @egibs in #148
- Massive rule tuning to improve Linux detection and output by @tstromberg in #146
- Improve detection of embedded ZStandard content & high entropy binaries by @tstromberg in #123
- Tune packer rules to avoid false-positives by @tstromberg in #150
- Rule improvements from GitHub Search Manipulation analysis by @tstromberg in #120
- rules: Add more reference URLs by @tstromberg in #157
- Update to YARAForge 2024-04-14 by @tstromberg in #151
- Disable godmode, import rules based on it by @tstromberg in #149
Development Improvements
- Add GoReleaser Workflow by @egibs in #125
- Bump actions/checkout from 4.1.1 to 4.1.3 in the all group by @dependabot in #155
Full Changelog: v0.9.0...v0.10.0
v0.9.0
What's Changed
Tool Improvements
- Add --min-file-level flag to filter out results for uninteresting files by @tstromberg in #112
- terminal output: revert reverse risk sorting by @tstromberg in #86
- Reduce noisy logging messages by @tstromberg in #117
- fix: update usage message by @willswire in #90
Rule Improvements
- Update to YARA Forge Rule Set Release 20240407 by @tstromberg in #108
- Detect __tls_get_addr (xzutils) & avasa-zombie remnants by @tstromberg in #85
- Tune rules based on avasa-zombie analysis by @tstromberg in #84
- Tune rules based on ctop v0.7.7 analysis by @tstromberg in #114
- Tune rules based on rook analysis by @tstromberg in #116
- Reduce "HIGH" rule hits based on initial Wolfi analysis by @tstromberg in #118
- Fix typo by @mattmoor in #113
Development Improvements
- Add --verbose flag, hide INFO log messages from stderr by default by @tstromberg in #109
- Fix the top level tests, fix a typo in the name. by @vaikas in #98
- Refactor so that testdata samples are in their own namespace by @tstromberg in #110
- Remove executable bit from samples by @tstromberg in #111
- Add "make lint" rule and golangci-lint config by @tstromberg in #87
- Run gofumpt on Go code by @tstromberg in #88
- Refactor, add tests. by @vaikas in #91
- Add gha for tests, dependabot. Fixes #28, #97. by @vaikas in #100
- add boilerplates and ci jobs for lint by @cpanato in #102
- add chainguard source by @cpanato in #103
- Bump golang.org/x/term from 0.18.0 to 0.19.0 by @dependabot in #101
- Move to clog, plumb context through as necessary. by @vaikas in #104
- Makefile: add 'update-yaraforge' rule by @tstromberg in #105
- Add .wokeignore for third_party code by @tstromberg in #107
New Contributors
- @willswire made their first contribution in #90
- @vaikas made their first contribution in #98
- @cpanato made their first contribution in #102
- @dependabot made their first contribution in #101
Full Changelog: v0.8.0...v0.9.0
v0.8.0
What's Changed
- diff: Use levenshtein score to approximate moves. by @mattmoor in #80
- rules: Increasingly paranoid rules based on xz analysis by @tstromberg in #82
- rules: Update to YARA Forge Rule Set Release 20240331 by @tstromberg in #83
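The diff change in #80 names a technique, pairing removed and added files by Levenshtein similarity so a renamed file is reported as a move rather than as one deletion plus one addition, without showing how it works. The following is an added example written for this page, not malcontent's own code: it computes the edit distance between path strings, normalises it to a similarity score, and greedily pairs the best-scoring candidates above a threshold. The 0.7 threshold, the greedy pairing strategy, and the sample file lists are all assumptions chosen for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Move records a removed path that was matched to an added path.
type Move struct {
	From, To string
	Score    float64 // normalised similarity in [0,1], 1 means identical
}

func min3(a, b, c int) int {
	if b < a {
		a = b
	}
	if c < a {
		a = c
	}
	return a
}

func maxInt(a, b int) int {
	if a > b {
		return a
	}
	return b
}

// levenshtein returns the edit distance (insert/delete/substitute) between
// two strings, computed with a two-row dynamic programming table.
func levenshtein(a, b string) int {
	ra, rb := []rune(a), []rune(b)
	prev := make([]int, len(rb)+1)
	cur := make([]int, len(rb)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(ra); i++ {
		cur[0] = i
		for j := 1; j <= len(rb); j++ {
			cost := 1
			if ra[i-1] == rb[j-1] {
				cost = 0
			}
			cur[j] = min3(prev[j]+1, cur[j-1]+1, prev[j-1]+cost)
		}
		prev, cur = cur, prev
	}
	return prev[len(rb)]
}

// similarity maps the edit distance onto [0,1] relative to the longer string.
func similarity(a, b string) float64 {
	n := maxInt(len([]rune(a)), len([]rune(b)))
	if n == 0 {
		return 1
	}
	return 1 - float64(levenshtein(a, b))/float64(n)
}

// approximateMoves pairs removed paths with added paths whose similarity is at
// least threshold, taking the best-scoring pairs first and using each path at
// most once. Unpaired paths are returned as genuine removals and additions.
// (Greedy pairing and the threshold are this example's assumptions.)
func approximateMoves(removed, added []string, threshold float64) (moves []Move, stillRemoved, stillAdded []string) {
	type cand struct {
		r, a int
		s    float64
	}
	var cands []cand
	for i, r := range removed {
		for j, a := range added {
			if s := similarity(r, a); s >= threshold {
				cands = append(cands, cand{i, j, s})
			}
		}
	}
	sort.SliceStable(cands, func(x, y int) bool { return cands[x].s > cands[y].s })
	usedR := make([]bool, len(removed))
	usedA := make([]bool, len(added))
	for _, c := range cands {
		if usedR[c.r] || usedA[c.a] {
			continue
		}
		usedR[c.r], usedA[c.a] = true, true
		moves = append(moves, Move{From: removed[c.r], To: added[c.a], Score: c.s})
	}
	for i, r := range removed {
		if !usedR[i] {
			stillRemoved = append(stillRemoved, r)
		}
	}
	for j, a := range added {
		if !usedA[j] {
			stillAdded = append(stillAdded, a)
		}
	}
	return moves, stillRemoved, stillAdded
}

// Constructed sample: file lists from two versions of a hypothetical artifact.
var (
	sampleRemoved = []string{"lib/libfoo.so.1.2.3", "bin/old-helper", "README.md"}
	sampleAdded   = []string{"lib/libfoo.so.1.2.4", "bin/new-helper", "docs/CHANGELOG.md"}
)

func main() {
	moves, rem, add := approximateMoves(sampleRemoved, sampleAdded, 0.7)
	for _, m := range moves {
		fmt.Printf("moved   %s -> %s (score %.2f)\n", m.From, m.To, m.Score)
	}
	for _, r := range rem {
		fmt.Printf("removed %s\n", r)
	}
	for _, a := range add {
		fmt.Printf("added   %s\n", a)
	}
}
```

On the sample lists the shared-object version bump and the helper rename are reported as moves, while README.md and docs/CHANGELOG.md fall below the threshold and stay a removal and an addition. Tune the threshold against real artifacts: too low and unrelated files are paired, too high and version bumps in filenames are missed.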
Full Changelog: v0.7.0...v0.8.0
v0.7.0
What's Changed
- Introduce per-file risk scores, reverse sort behaviors by @tstromberg in #73
- Cleanup rules for packers, weird hostnames, relative paths, and interface listing by @tstromberg in #74
- Improve rules based on requirementstxxt PyPI analysis by @tstromberg in #76
- Rule tuning from PyPI & Homebrew analysis by @tstromberg in #77
Full Changelog: v0.6.0...v0.7.0
v0.6.0
What's Changed
- Improve packed ELF detection by @tstromberg in #71
- Update based on AcidPour analysis by @tstromberg in #67
- Improve rules based on analysis of trojan.stealer/amos by @tstromberg in #68
- Tune rules based on ua-parser-js analysis by @tstromberg in #69
- Improve suspicious eval() detection in scripting languages by @tstromberg in #70
Full Changelog: v0.5.0...v0.6.0
v0.5.0
What's Changed
It's our biggest release yet! With the latest additions, bincapz now implements all of the features you might need to monitor CI/CD artifacts. Enjoy!
New Features!
- Add 'diff' implementation (--diff flag) by @tstromberg in #51
- Add markdown rendering, refactor renderer handling by @tstromberg in #53
Improvements
- Improve rules through hCrypto analysis, update README by @tstromberg in #45
- Improve rules through laysound PyPI analysis by @tstromberg in #46
- Improve rules through Magnet Goblin analysis by @tstromberg in #47
- Make table output more concise & magical by @tstromberg in #44
- Simplify table output by @tstromberg in #48
- More rule and output tuning from local malware analysis by @tstromberg in #49
- Increase risk width by 1 to include diff marker by @tstromberg in #52
- Shorten terminal rendering width by @tstromberg in #56
- Update to latest YARA Forge ruleset by @tstromberg in #50
Bugfixes
- test cleanup: Add tests for markdown, simple & diff by @tstromberg in #54
- Improve Markdown titles, add tests by @tstromberg in #55
Full Changelog: v0.4.1...v0.5.0