PyPI - CAPE-parsers - Versions diffs - 0.1.47__tar.gz → 0.1.48__tar.gz - Mend

CAPE-parsers 0.1.47tar.gz → 0.1.48tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (113) hide show

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: CAPE-parsers
-Version: 0.1.47
+Version: 0.1.48
 Summary: CAPE: Malware Configuration Extraction
 License: MIT
 Keywords: cape,parsers,malware,configuration

cape_parsers-0.1.48/cape_parsers/CAPE/community/Amadey.py ADDED Viewed

@@ -0,0 +1,218 @@
+import base64
+import yara
+import pefile
+import json
+import struct
+import re
+RULE_SOURCE_KEY = """
+rule Amadey_Key_String
+{
+    meta:
+        author = "YungBinary"
+        description = "Find decryption key in Amadey."
+    strings:
+        $chunk_1 = {
+            6A 20
+            68 ?? ?? ?? ??
+            B9 ?? ?? ?? ??
+            E8 ?? ?? ?? ??
+            68 ?? ?? ?? ??
+            E8 ?? ?? ?? ??
+            59
+            C3
+        }
+    condition:
+        $chunk_1
+}
+"""
+RULE_SOURCE_ENCODED_STRINGS = """
+rule Amadey_Encoded_Strings
+{
+    meta:
+        author = "YungBinary"
+        description = "Find encoded strings in Amadey."
+    strings:
+        $chunk_1 = {
+            6A ??
+            68 ?? ?? ?? ??
+            B9 ?? ?? ?? ??
+            E8 ?? ?? ?? ??
+            68 ?? ?? ?? ??
+            E8 ?? ?? ?? ??
+            59
+            C3
+        }
+    condition:
+        $chunk_1
+}
+"""
+def contains_non_printable(byte_array):
+    for byte in byte_array:
+        if not chr(byte).isprintable():
+            return True
+    return False
+def yara_scan_generator(raw_data, rule_source):
+    yara_rules = yara.compile(source=rule_source)
+    matches = yara_rules.match(data=raw_data)
+    for match in matches:
+        for block in match.strings:
+            for instance in block.instances:
+                yield instance.offset, block.identifier
+def get_keys(pe, data):
+    image_base = pe.OPTIONAL_HEADER.ImageBase
+    keys = []
+    for offset, _ in yara_scan_generator(data, RULE_SOURCE_KEY):
+        try:
+            key_string_rva = struct.unpack('i', data[offset + 3 : offset + 7])[0]
+            key_string_dword_offset = pe.get_offset_from_rva(key_string_rva - image_base)
+            key_string = pe.get_string_from_data(key_string_dword_offset, data)
+            if b"=" not in key_string:
+                keys.append(key_string.decode())
+            if len(keys) == 2:
+                return keys
+        except Exception:
+            continue
+    return []
+def get_encoded_strings(pe, data):
+    encoded_strings = []
+    image_base = pe.OPTIONAL_HEADER.ImageBase
+    for offset, _ in yara_scan_generator(data, RULE_SOURCE_ENCODED_STRINGS):
+        try:
+            encoded_string_size = data[offset + 1]
+            encoded_string_rva = struct.unpack('i', data[offset + 3 : offset + 7])[0]
+            encoded_string_dword_offset = pe.get_offset_from_rva(encoded_string_rva - image_base)
+            encoded_string = pe.get_string_from_data(encoded_string_dword_offset, data)
+            # Make sure the string matches length from operand
+            if encoded_string_size != len(encoded_string):
+                continue
+            encoded_strings.append(encoded_string.decode())
+        except Exception:
+            continue
+    return encoded_strings
+def decode_amadey_string(key: str, encoded_str: str) -> bytes:
+    """
+    Decode Amadey encoded strings that look like base64
+    """
+    alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 "
+    decoded = ""
+    for i in range(len(encoded_str)):
+        if encoded_str[i] == "=":
+            decoded += "="
+            continue
+        index_1 = alphabet.index(encoded_str[i % len(encoded_str)])
+        index_2 = alphabet.index(key[i % len(key)])
+        index_result = (index_1 + (0x3F - index_2) + 0x3F) % 0x3F
+        decoded += alphabet[index_result]
+    decoded = base64.b64decode(decoded)
+    return decoded
+def find_campaign_id(data):
+    pattern = br'\x00\x00\x00([0-9a-f]{6})\x00\x00'
+    matches = re.findall(pattern, data)
+    if matches:
+        return matches[0]
+def extract_config(data):
+    pe = pefile.PE(data=data, fast_load=True)
+    # image_base = pe.OPTIONAL_HEADER.ImageBase
+    keys = get_keys(pe, data)
+    if not keys:
+        return {}
+    decode_key = keys[0]
+    rc4_key = keys[1]
+    encoded_strings = get_encoded_strings(pe, data)
+    decoded_strings = []
+    for encoded_string in encoded_strings:
+        try:
+            decoded_string = decode_amadey_string(decode_key, encoded_string)
+            if not decoded_string or contains_non_printable(decoded_string):
+                continue
+            decoded_strings.append(decoded_string.decode())
+        except Exception:
+            continue
+    if not decoded_strings:
+        return {}
+    decoded_strings = decoded_strings[:10]
+    final_config = {}
+    version = ""
+    install_dir = ""
+    install_file = ""
+    ip_pattern = r"^(?:\d{1,3}\.){3}\d{1,3}$"
+    version_pattern = r"^\d+\.\d{1,2}$"
+    install_dir_pattern = r"^[0-9a-f]{10}$"
+    i = 0
+    while i < len(decoded_strings):
+        s = decoded_strings[i]
+        if re.match(ip_pattern, s):
+            if i + 1 < len(decoded_strings):
+                path = decoded_strings[i+1]
+                final_config.setdefault("CNCs", []).append(f"http://{s}{path}")
+                i += 1  # Skip next element as it has been processed
+        elif re.match(version_pattern, s):
+            version = s
+        elif re.match(install_dir_pattern, s):
+            install_dir = s
+        elif s.endswith(".exe"):
+            install_file = s
+        i += 1
+    if version:
+        final_config["version"] = version
+    if install_dir:
+        final_config.setdefault("raw", {})["install_dir"] = install_dir
+    if install_file:
+        final_config.setdefault("raw", {})["install_file"] = install_file
+    final_config["cryptokey"] = rc4_key
+    final_config["cryptokey_type"] = "RC4"
+    campaign_id = find_campaign_id(data)
+    if campaign_id:
+        final_config["campaign_id"] = campaign_id.decode()
+    return final_config
+if __name__ == "__main__":
+    import sys
+    with open(sys.argv[1], "rb") as f:
+        print(json.dumps(extract_config(f.read()), indent=4))

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/CobaltStrikeBeacon.py RENAMED Viewed

@@ -360,11 +360,11 @@ class cobaltstrikeConfig:
             if parsed_setting == "Not Found" and quiet:
                 continue
             if not isinstance(parsed_setting, list):
-                log.debug("{: <{width}} - {val}".format(conf_name, width=COLUMN_WIDTH - 3, val=parsed_setting))
+                log.debug("{: <{width}} - {val}".format(conf_name, width=COLUMN_WIDTH - 3, val=parsed_setting)) # noqa: G001
             elif parsed_setting == []:
-                log.debug("{: <{width}} - {val}".format(conf_name, width=COLUMN_WIDTH - 3, val="Empty"))
+                log.debug("{: <{width}} - {val}".format(conf_name, width=COLUMN_WIDTH - 3, val="Empty")) # noqa: G001
             else:
-                log.debug("{: <{width}} - {val}".format(conf_name, width=COLUMN_WIDTH - 3, val=parsed_setting[0]))
+                log.debug("{: <{width}} - {val}".format(conf_name, width=COLUMN_WIDTH - 3, val=parsed_setting[0])) # noqa: G001
                 for val in parsed_setting[1:]:
                     log.debug(" " * COLUMN_WIDTH, end="")
                     print(val)

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/LokiBot.py RENAMED Viewed

@@ -23,7 +23,7 @@
 import re
 import struct
 import sys
+from contextlib import suppress
 import pefile
 from Cryptodome.Cipher import DES3
 from Cryptodome.Util.Padding import unpad
@@ -128,7 +128,8 @@ def decoder(data):
     else:
         x = bytearray(img)
-    url_re = rb"https?:\/\/[a-zA-Z0-9\/\.:?\-_]+"
+    # ToDo add \.php
+    url_re = rb"https?:\/\/[a-zA-Z0-9\/\.:?\-_]+\.php"
     urls = re.findall(url_re, x)
     if not urls:
         for i in range(len(x)):
@@ -144,21 +145,23 @@ def decoder(data):
     confs = find_conf(img)
     if iv and iv not in (b"", -1) and confs != []:
         for conf in confs:
-            try:
+            with suppress(ValueError):
                 dec = DES3.new(key, DES3.MODE_CBC, iv)
                 temp = dec.decrypt(conf)
                 temp = unpad(temp, 8)
-                urls.append(b"http://" + temp)
-            except ValueError:
-                # wrong padding
-                pass
+                if not temp.endswith(b".php"):
+                    continue
+                urls.append("http://" + temp.decod())
     return urls
 def extract_config(filebuf):
     urls = decoder(filebuf)
-    return {"CNCs": [url.decode() for url in urls]}
+    if urls:
+        return {"CNCs": urls}
+    else:
+        return {}
 if __name__ == "__main__":

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/Lumma.py RENAMED Viewed

@@ -318,7 +318,7 @@ def extract_config(data):
                 decoded_c2 = chacha20_xor(encrypted_string, key, nonce, counter).split(b"\x00", 1)[0]
                 if contains_non_printable(decoded_c2):
                     break
-                config.setdefault("CNCs", []).append(decoded_c2.decode())
+                config.setdefault("CNCs", []).append("https://" + decoded_c2.decode())
                 encrypted_strings_offset = encrypted_strings_offset + step_size
                 counter += 2
@@ -351,7 +351,7 @@ def extract_config(data):
                         decrypted = chacha20_xor(c2_encrypted, key, nonce, counter)
                         c2 = extract_c2_domain(decrypted)
                         if c2 is not None and len(c2) > 10:
-                            config["CNCs"].append(c2.decode())
+                            config["CNCs"].append("https://" + c2.decode())
                             break
                 except Exception:
@@ -384,7 +384,7 @@ def extract_config(data):
                     decoded_c2 = xor_data(encoded_c2, xor_key)
                     if not contains_non_printable(decoded_c2):
-                        config.setdefault("CNCs", []).append(decoded_c2.decode())
+                        config.setdefault("CNCs", []).append("https://" + decoded_c2.decode())
                 except Exception as e:
                     print(e)
                     continue

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/Snake.py RENAMED Viewed

@@ -133,7 +133,7 @@ def extract_config(data):
     try:
         dotnet_file = dnfile.dnPE(data=data)
     except Exception as e:
-        log.debug(f"Exception when attempting to parse .NET file: {e}")
+        log.debug("Exception when attempting to parse .NET file: %s", str(e))
         log.debug(traceback.format_exc())
     # ldstr, stsfld
@@ -165,7 +165,7 @@ def extract_config(data):
             else:
                 user_strings[field_name] = string_index
         except Exception as e:
-            log.debug(f"There was an exception parsing user strings: {e}")
+            log.debug("There was an exception parsing user strings: %s", str(e))
             log.debug(traceback.format_exc())
     if c2_type is None:

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/BumbleBee.py RENAMED Viewed

@@ -50,7 +50,7 @@ def extract_key_data(data, pe, key_match):
         # Read arbitrary number of byes from key offset and split on null bytes to extract key
         key = data[key_offset : key_offset + 0x40].split(b"\x00")[0]
     except Exception as e:
-        log.debug(f"There was an exception extracting the key: {e}")
+        log.debug("There was an exception extracting the key: %s", str(e))
         log.debug(traceback.format_exc())
         return False
     return key
@@ -70,7 +70,7 @@ def extract_config_data(data, pe, config_match):
         )
         campaign_id_ct = data[campaign_id_offset : campaign_id_offset + 0x10]
     except Exception as e:
-        log.debug(f"There was an exception extracting the campaign id: {e}")
+        log.debug("There was an exception extracting the campaign id: %s", str(e))
         log.debug(traceback.format_exc())
         return False, False, False
@@ -84,7 +84,7 @@ def extract_config_data(data, pe, config_match):
         )
         botnet_id_ct = data[botnet_id_offset : botnet_id_offset + 0x10]
     except Exception as e:
-        log.debug(f"There was an exception extracting the botnet id: {e}")
+        log.debug("There was an exception extracting the botnet id: %s", str(e))
         log.debug(traceback.format_exc())
         return False, False, False
@@ -99,7 +99,7 @@ def extract_config_data(data, pe, config_match):
         c2s_offset = pe.get_offset_from_rva(c2s_rva + int.from_bytes(config_match.group("c2s"), byteorder="little"))
         c2s_ct = data[c2s_offset : c2s_offset + 0x400]
     except Exception as e:
-        log.debug(f"There was an exception extracting the C2s: {e}")
+        log.debug("There was an exception extracting the C2s: %s", str(e))
         log.debug(traceback.format_exc())
         return False, False, False
@@ -243,7 +243,7 @@ def extract_config(data):
         if c2s:
             cfg["CNCs"] = list(ARC4.new(key).decrypt(c2s).split(b"\x00")[0].decode().split(","))
     except Exception as e:
-        log.error("This is broken: %s", str(e), exc_info=True)
+        log.exception("This is broken: %s", str(e))
     if not cfg:
         cfg = extract_2024(pe, data)

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/Remcos.py RENAMED Viewed

@@ -211,7 +211,7 @@ def extract_config(filebuf):
                 config.setdefault("raw", {})[k] = v
     except Exception as e:
-        logger.error(f"Caught an exception: {e}")
+        logger.error("Caught an exception: %s", str(e))
     return config

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/__init__.py RENAMED Viewed

@@ -129,7 +129,7 @@ def load_malwareconfig_parsers() -> Tuple[bool, dict, ModuleType]:
     except ImportError:
         log.info("Missed RATDecoders -> poetry run pip install malwareconfig")
     except Exception as e:
-        log.error(e, exc_info=True)
+        log.exception(e)
     return False, False, False

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "CAPE-parsers"
-version = "0.1.47"
+version = "0.1.48"
 description = "CAPE: Malware Configuration Extraction"
 authors = ["Kevin O'Reilly <kev@capesandbox.com>", "doomedraven <doomedraven@capesandbox.com>"]
 license = "MIT"
@@ -27,7 +27,6 @@ unicorn = ">=2.1.1"
 rat-king-parser = ">=4.1.0"
 ruff = ">=0.7.2"
-# isort = ">=5.13.2"
 [tool.distutils.bdist_wheel]
 universal = false
@@ -36,8 +35,6 @@ universal = false
 maco = ["maco"]
 [tool.poetry.group.dev.dependencies]
-black = "^24.3.0"
-isort = "^5.10.1"
 pytest = "7.2.2"
 pytest-pretty = "1.1.0"
 pytest-cov = "3.0.0"
@@ -51,37 +48,11 @@ httpretty = "^1.1.4"
 func-timeout = "^4.3.5"
 pre-commit = "^2.19.0"
-# Doesnt work on github CI
-# [tool.poetry.requires-plugins]
-# poetry-plugin-export = ">=1.8"
-[tool.ruff]
-exclude = [
-    "./analyzer/linux/dbus_next",
-]
-[tool.black]
-line-length = 132
-include = "\\.py(_disabled)?$"
-[tool.isort]
-profile = "black"
-no_lines_before = ["FUTURE", "STDLIB"]
-line_length = 132
-supported_extensions = ["py", "py_disabled"]
-[tool.flake8]
-max-line-length = 132
-exclude = ".git,__pycache__,.cache,.venv"
 [tool.pytest.ini_options]
 pythonpath = ["."]
 testpaths = ["tests"]
 norecursedirs = "tests/zip_compound"
-[lint]
-select = ["E", "F"]
-ignore = ["E402","E501"]
+asyncio_mode = "auto"
 [tool.poetry-dynamic-versioning]
 enable = false # Master switch to enable the plugin
@@ -89,3 +60,40 @@ enable = false # Master switch to enable the plugin
 [build-system]
 requires = ["poetry-core>=1.0.0", "poetry-dynamic-versioning"]
 build-backend = "poetry.core.masonry.api"
+[tool.ruff]
+line-length = 132
+[tool.ruff.lint]
+select = [
+	"F",       # pyflakes
+	"E",       # pycodestyle errors
+	"W",       # pycodestyle warnings
+	# "I",       # isort
+	# "N",       # pep8-naming
+	"G",       # flake8-logging-format
+]
+ignore = [
+    "E501",    # ignore due to conflict with formatter
+    "N818",    # exceptions don't need the Error suffix
+    "E741",    # allow ambiguous variable names
+    "E402",
+    "W605",    # ToDo to fix - Invalid escape sequence
+]
+fixable = ["ALL"]
+[tool.ruff.format]
+quote-style = "double"
+indent-style = "space"
+skip-magic-trailing-comma = false
+line-ending = "auto"
+[tool.ruff.lint.isort]
+known-first-party = ["libqtile", "test"]
+default-section = "third-party"
+[tool.mypy]
+warn_unused_configs = true

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/LICENSE RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/README.md RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/AgentTesla.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/Arkei.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/AsyncRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/AuroraStealer.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/Carbanak.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/CobaltStrikeStager.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/DCRat.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/Fareit.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/KoiLoader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/NanoCore.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/Nighthawk.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/Njrat.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/PhemedroneStealer.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/QuasarRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/README.md RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/SparkRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/Stealc.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/VenomRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/XWorm.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/XenoRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/community/monsterv2.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/AdaptixBeacon.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/Azorult.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/BitPaymer.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/BlackDropper.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/Blister.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/BruteRatel.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/DarkGate.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/DoppelPaymer.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/DridexLoader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/Formbook.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/GuLoader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/IcedID.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/IcedIDLoader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/Latrodectus.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/Oyster.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/PikaBot.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/PlugX.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/QakBot.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/Quickbind.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/README.md RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/RedLine.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/Rhadamanthys.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/SmokeLoader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/Socks5Systemz.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/SquirrelWaffle.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/Strrat.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/WarzoneRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/Zloader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/CAPE/core/test_cape.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/RATDecoders/README.md RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/RATDecoders/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/RATDecoders/test_rats.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/BackOffLoader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/BackOffPOS.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/BlackNix.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/BuerLoader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/ChChes.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/Emotet.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/Enfal.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/EvilGrab.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/Greame.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/Hancitor.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/HttpBrowser.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/JavaDropper.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/Nymaim.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/Pandora.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/PoisonIvy.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/PredatorPain.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/Punisher.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/RCSession.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/REvil.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/RedLeaf.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/Retefe.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/Rozena.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/SmallNet.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/TSCookie.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/TrickBot.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/UrsnifV3.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/_ShadowTech.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/_VirusRat.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/_jRat.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/unrecom.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/deprecated/xRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/malduck/LICENSE RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/malduck/README.md RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/malduck/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/malduck/test_malduck.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/mwcp/README.md RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/mwcp/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/mwcp/test_mwcp.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/utils/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/utils/aplib.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/utils/blzpack.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/utils/blzpack_lib.so RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/utils/dotnet_utils.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/utils/lznt1.py RENAMED Viewed

File without changes

{cape_parsers-0.1.47 → cape_parsers-0.1.48}/cape_parsers/utils/strings.py RENAMED Viewed

File without changes

CAPE-parsers 0.1.47__tar.gz → 0.1.48__tar.gz

CAPE-parsers 0.1.47tar.gz → 0.1.48tar.gz