PyPI - CAPE-parsers - Versions diffs - 0.1.36__tar.gz → 0.1.38__tar.gz - Mend

CAPE-parsers 0.1.36tar.gz → 0.1.38tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (111) hide show

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: CAPE-parsers
-Version: 0.1.36
+Version: 0.1.38
 Summary: CAPE: Malware Configuration Extraction
 License: MIT
 Keywords: cape,parsers,malware,configuration

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/Lumma.py RENAMED Viewed

@@ -3,10 +3,10 @@ import json
 import re
 import struct
 from contextlib import suppress
 import pefile
 import yara
 RULE_SOURCE_BUILD_ID = """rule LummaBuildId
 {
     meta:
@@ -37,6 +37,42 @@ RULE_SOURCE_LUMMA = """rule LummaConfig
         $chunk_1
 }"""
+RULE_SOURCE_LUMMA_NEW_KEYS = """rule LummaConfigNewKeys
+{
+    meta:
+        author = "YungBinary"
+    strings:
+        $key_nonce = {
+            88 44 24 ??
+            B8 ?? ?? ?? ??
+            BF ?? ?? ?? ??
+            B9 08 00 00 00
+            96
+            F3 A5
+            96
+            B8 ?? ?? ?? ??
+        }
+    condition:
+        uint16(0) == 0x5A4D and $key_nonce
+}"""
+RULE_SOURCE_LUMMA_NEW_ENCRYPTED_C2 = """rule LummaConfigNewEncryptedStrings
+{
+    meta:
+        author = "YungBinary"
+    strings:
+        $encrypted_array = {
+            0F B6 C?
+            C1 E0 07
+            8D 80 ?? ?? ?? ??
+            8D 74 24 10
+            FF
+        }
+    condition:
+        uint16(0) == 0x5A4D and $encrypted_array
+}"""
 def yara_scan_generator(raw_data, rule_source):
     yara_rules = yara.compile(source=rule_source)
@@ -225,6 +261,15 @@ def get_build_id(pe, data):
             continue
     return build_id
+def get_build_id_new(data):
+    build_id = ""
+    pattern = b'123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\x00'
+    offset = data.find(pattern)
+    if offset != -1:
+        build_id = data[offset + len(pattern):].split(b'\x00', 1)[0]
+        build_id = build_id.decode()
+    return build_id
 def extract_config(data):
     config_dict = {"C2": []}
@@ -236,32 +281,73 @@ def extract_config(data):
         pe = pefile.PE(data=data, fast_load=True)
         image_base = pe.OPTIONAL_HEADER.ImageBase
-    offset = yara_scan(data, RULE_SOURCE_LUMMA)
-    if offset:
-        key = data[offset + 16 : offset + 48]
-        nonce = b"\x00\x00\x00\x00" + data[offset + 48 : offset + 56]
-        for i in range(9):
-            try:
-                start_offset = offset + 56 + (i * 4)
-                end_offset = start_offset + 4
-                c2_dword_rva = struct.unpack('i', data[start_offset : end_offset])[0]
-                if pe:
-                    c2_dword_offset = pe.get_offset_from_rva(c2_dword_rva - image_base)
-                else:
-                    c2_dword_offset = c2_dword_rva - image_base
+    # Parse the latest version
+    key = None
+    nonce = None
+    for offset in yara_scan_generator(data, RULE_SOURCE_LUMMA_NEW_KEYS):
+        key_rva = struct.unpack('i', data[offset + 5 : offset + 9])[0]
+        key_offset = pe.get_offset_from_rva(key_rva - image_base)
+        key = data[key_offset : key_offset + 32]
+        nonce_rva = struct.unpack('i', data[offset + 24 : offset + 28])[0]
+        nonce_offset = pe.get_offset_from_rva(nonce_rva - image_base)
+        nonce = b'\x00\x00\x00\x00' + data[nonce_offset : nonce_offset + 8]
+    if key and nonce:
+        for offset in yara_scan_generator(data, RULE_SOURCE_LUMMA_NEW_ENCRYPTED_C2):
+            encrypted_strings_rva = struct.unpack('i', data[offset + 8 : offset + 12])[0]
+            encrypted_strings_offset = pe.get_offset_from_rva(encrypted_strings_rva - image_base)
+            step_size = 0x80
+            counter = 2
+            for i in range(12):
+                encrypted_string = data[encrypted_strings_offset:encrypted_strings_offset+40]
+                decoded_c2 = chacha20_xor(encrypted_string, key, nonce, counter).split(b'\x00', 1)[0]
+                if contains_non_printable(decoded_c2):
+                    break
+                config_dict["C2"].append(decoded_c2.decode())
+                encrypted_strings_offset = encrypted_strings_offset + step_size
+                counter += 2
+        if config_dict["C2"]:
+            # If found C2 servers try to find build ID
+            build_id = get_build_id_new(data)
+            if build_id:
+                config_dict["Build ID"] = build_id
+    # If no C2s try with the version after Jan 21, 2025
+    if not config_dict["C2"]:
+        offset = yara_scan(data, RULE_SOURCE_LUMMA)
+        if offset:
+            key = data[offset + 16 : offset + 48]
+            nonce = b"\x00\x00\x00\x00" + data[offset + 48 : offset + 56]
-                c2_encrypted = data[c2_dword_offset : c2_dword_offset + 0x80]
-                counters = [0, 2, 4, 6, 8, 10, 12, 14, 16]
-                for counter in counters:
-                    decrypted = chacha20_xor(c2_encrypted, key, nonce, counter)
-                    c2 = extract_c2_domain(decrypted)
-                    if c2 is not None and len(c2) > 10:
-                        config_dict["C2"].append(c2.decode())
-                        break
+            for i in range(9):
+                try:
+                    start_offset = offset + 56 + (i * 4)
+                    end_offset = start_offset + 4
+                    c2_dword_rva = struct.unpack('i', data[start_offset : end_offset])[0]
+                    if pe:
+                        c2_dword_offset = pe.get_offset_from_rva(c2_dword_rva - image_base)
+                    else:
+                        c2_dword_offset = c2_dword_rva - image_base
+                    c2_encrypted = data[c2_dword_offset : c2_dword_offset + 0x80]
+                    counters = [0, 2, 4, 6, 8, 10, 12, 14, 16]
+                    for counter in counters:
+                        decrypted = chacha20_xor(c2_encrypted, key, nonce, counter)
+                        c2 = extract_c2_domain(decrypted)
+                        if c2 is not None and len(c2) > 10:
+                            config_dict["C2"].append(c2.decode())
+                            break
-            except Exception:
-                continue
+                except Exception:
+                    continue
+        if config_dict["C2"] and pe is not None:
+            # If found C2 servers try to find build ID
+            build_id = get_build_id(pe, data)
+            if build_id:
+                config_dict["Build ID"] = build_id
     # If no C2s try with version prior to Jan 21, 2025
@@ -293,11 +379,12 @@ def extract_config(data):
         except Exception:
             return
-    if config_dict["C2"] and pe is not None:
-        # If found C2 servers try to find build ID
-        build_id = get_build_id(pe, data)
-        if build_id:
-            config_dict["Build ID"] = build_id
+        if config_dict["C2"] and pe is not None:
+            # If found C2 servers try to find build ID
+            build_id = get_build_id(pe, data)
+            if build_id:
+                config_dict["Build ID"] = build_id
     return config_dict

cape_parsers-0.1.38/cape_parsers/CAPE/core/AdaptixBeacon.py ADDED Viewed

@@ -0,0 +1,102 @@
+import logging
+import struct
+from contextlib import suppress
+import pefile
+from Cryptodome.Cipher import ARC4
+log = logging.getLogger(__name__)
+DESCRIPTION = "Adaptix beacon configuration parser."
+AUTHOR = "enzok"
+def parse_http_config(rc4_key: bytes, data: bytes) -> dict:
+    config = {}
+    offset = 0
+    servers = []
+    ports = []
+    def read(fmt: str):
+        nonlocal offset
+        size = struct.calcsize(fmt)
+        value = struct.unpack_from(fmt, data, offset)
+        offset += size
+        return value if len(value) > 1 else value[0]
+    def read_str(length: int):
+        nonlocal offset
+        value = data[offset:offset + length].decode("utf-8", errors="replace")
+        offset += length
+        return value
+    config["config_rc4_key"] = rc4_key.hex()
+    config["agent_type"] = f"{read('<I'):8X}"
+    config["use_ssl"] = read("<B")
+    host_count = read("<I")
+    for host in range(host_count):
+        host_length = read("<I")
+        servers.append(read_str(host_length).strip("\x00"))
+        ports.append(read("<I"))
+    config["servers"] = servers
+    config["ports"] = ports
+    method_length = read("<I")
+    config["http_method"] = read_str(method_length).strip("\x00")
+    uri_length = read("<I")
+    config["uri"] = read_str(uri_length).strip("\x00")
+    parameter_length = read("<I")
+    config["parameter"] = read_str(parameter_length).strip("\x00")
+    useragent_length = read("<I")
+    config["user_agent"] = read_str(useragent_length).strip("\x00")
+    headers_length = read("<I")
+    config["http_headers"] = read_str(headers_length).strip("\x00")
+    config["ans_pre_size"] = read("<I")
+    config["ans_size"] = read("<I")
+    config["kill_date"] = read("<I")
+    config["working_time"] = read("<I")
+    config["sleep_delay"] = read("<I")
+    config["jitter_delay"] = read("<I")
+    return config
+def extract_config(filebuf: bytes) -> dict:
+    pe = pefile.PE(data=filebuf, fast_load=True)
+    data_sections = [s for s in pe.sections if b".rdata" in s.Name]
+    if not data_sections:
+        return
+    data = data_sections[0].get_data()
+    data_len = len(data)
+    pos = 0
+    while pos + 4 <= data_len:
+        start_offset = pos
+        key_offset = struct.unpack_from("<I", data, pos)[0]
+        pos += 4
+        if pos + key_offset + 32 > data_len:
+            pos = start_offset + 1
+            continue
+        encrypted_data = data[pos:pos + key_offset]
+        pos += key_offset
+        rc4_key = data[pos:pos + 16]
+        if key_offset == 787:
+            pass
+        with suppress(Exception):
+            decrypted = ARC4.new(rc4_key).decrypt(encrypted_data)
+            if b"User-Agent" in decrypted:
+                return parse_http_config(rc4_key, decrypted)
+        pos = start_offset + 1
+    return None
+if __name__ == "__main__":
+    import sys
+    with open(sys.argv[1], "rb") as f:
+        print(extract_config(f.read()))

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "CAPE-parsers"
-version = "0.1.36"
+version = "0.1.38"
 description = "CAPE: Malware Configuration Extraction"
 authors = ["Kevin O'Reilly <kev@capesandbox.com>", "doomedraven <doomedraven@capesandbox.com>"]
 license = "MIT"

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/LICENSE RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/README.md RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/AgentTesla.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/Arkei.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/AsyncRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/AuroraStealer.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/BackOffLoader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/BackOffPOS.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/BlackNix.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/Carbanak.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/CobaltStrikeBeacon.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/CobaltStrikeStager.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/DCRat.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/Fareit.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/Greame.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/KoiLoader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/LokiBot.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/NanoCore.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/Nighthawk.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/Njrat.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/Pandora.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/PhemedroneStealer.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/PoisonIvy.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/Punisher.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/QuasarRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/README.md RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/REvil.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/Retefe.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/Rozena.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/SmallNet.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/Snake.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/SparkRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/Stealc.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/TSCookie.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/TrickBot.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/VenomRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/XWorm.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/XenoRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/community/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/Azorult.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/BitPaymer.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/BlackDropper.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/Blister.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/BruteRatel.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/BuerLoader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/BumbleBee.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/ChChes.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/DarkGate.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/DoppelPaymer.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/DridexLoader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/Emotet.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/Enfal.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/EvilGrab.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/Formbook.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/GuLoader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/HttpBrowser.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/IcedID.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/IcedIDLoader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/Latrodectus.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/Oyster.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/PikaBot.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/PlugX.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/QakBot.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/Quickbind.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/RCSession.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/README.md RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/RedLeaf.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/RedLine.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/Remcos.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/Rhadamanthys.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/SmokeLoader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/Socks5Systemz.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/SquirrelWaffle.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/Strrat.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/UrsnifV3.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/WarzoneRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/Zloader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/CAPE/core/test_cape.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/RATDecoders/README.md RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/RATDecoders/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/RATDecoders/test_rats.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/deprecated/Hancitor.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/deprecated/JavaDropper.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/deprecated/Nymaim.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/deprecated/PredatorPain.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/deprecated/_ShadowTech.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/deprecated/_VirusRat.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/deprecated/_jRat.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/deprecated/unrecom.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/deprecated/xRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/malduck/LICENSE RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/malduck/README.md RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/malduck/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/malduck/test_malduck.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/mwcp/README.md RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/mwcp/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/mwcp/test_mwcp.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/utils/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/utils/aplib.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/utils/blzpack.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/utils/blzpack_lib.so RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/utils/dotnet_utils.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/utils/lznt1.py RENAMED Viewed

File without changes

{cape_parsers-0.1.36 → cape_parsers-0.1.38}/cape_parsers/utils/strings.py RENAMED Viewed

File without changes

CAPE-parsers 0.1.36__tar.gz → 0.1.38__tar.gz

CAPE-parsers 0.1.36tar.gz → 0.1.38tar.gz