mandiant / capa-rules

Standard collection of rules for capa: the tool for enumerating the capabilities of programs
https://github.com/mandiant/capa/
Apache License 2.0

Add SysWhispers2 detection & add 0x2e syscall detection #888

Open Still34 opened 5 months ago

Still34 commented 5 months ago

Summary

This PR adds rudimentary support for detecting SysWhispers2 syscall list population and adds the 0x2e syscall used by the project to the nursery collection.