CAPE-parsers 0.1.50__tar.gz → 0.1.52__tar.gz

Files changed (116)
  1. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/PKG-INFO +4 -2
  2. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/AgentTesla.py +7 -1
  3. cape_parsers-0.1.50/cape_parsers/CAPE/community/monsterv2.py → cape_parsers-0.1.52/cape_parsers/CAPE/community/MonsterV2.py +6 -9
  4. cape_parsers-0.1.52/cape_parsers/CAPE/community/MyKings.py +52 -0
  5. cape_parsers-0.1.52/cape_parsers/CAPE/community/WinosStager.py +75 -0
  6. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/pyproject.toml +1 -1
  7. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/LICENSE +0 -0
  8. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/README.md +0 -0
  9. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/__init__.py +0 -0
  10. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/Amadey.py +0 -0
  11. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/Arkei.py +0 -0
  12. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/AsyncRAT.py +0 -0
  13. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/AuroraStealer.py +0 -0
  14. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/Carbanak.py +0 -0
  15. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/CobaltStrikeBeacon.py +0 -0
  16. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/CobaltStrikeStager.py +0 -0
  17. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/DCRat.py +0 -0
  18. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/Fareit.py +0 -0
  19. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/KoiLoader.py +0 -0
  20. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/LokiBot.py +0 -0
  21. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/Lumma.py +0 -0
  22. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/NanoCore.py +0 -0
  23. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/Nighthawk.py +0 -0
  24. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/Njrat.py +0 -0
  25. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/PhemedroneStealer.py +0 -0
  26. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/QuasarRAT.py +0 -0
  27. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/README.md +0 -0
  28. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/Snake.py +0 -0
  29. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/SparkRAT.py +0 -0
  30. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/Stealc.py +0 -0
  31. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/VenomRAT.py +0 -0
  32. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/XWorm.py +0 -0
  33. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/XenoRAT.py +0 -0
  34. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/community/__init__.py +0 -0
  35. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/AdaptixBeacon.py +0 -0
  36. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/AuraStealer.py +0 -0
  37. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/Azorult.py +0 -0
  38. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/BitPaymer.py +0 -0
  39. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/BlackDropper.py +0 -0
  40. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/Blister.py +0 -0
  41. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/BruteRatel.py +0 -0
  42. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/BumbleBee.py +0 -0
  43. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/DarkGate.py +0 -0
  44. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/DoppelPaymer.py +0 -0
  45. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/DridexLoader.py +0 -0
  46. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/Formbook.py +0 -0
  47. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/GuLoader.py +0 -0
  48. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/IcedID.py +0 -0
  49. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/IcedIDLoader.py +0 -0
  50. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/Latrodectus.py +0 -0
  51. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/Oyster.py +0 -0
  52. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/PikaBot.py +0 -0
  53. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/PlugX.py +0 -0
  54. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/QakBot.py +0 -0
  55. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/Quickbind.py +0 -0
  56. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/README.md +0 -0
  57. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/RedLine.py +0 -0
  58. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/Remcos.py +0 -0
  59. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/Rhadamanthys.py +0 -0
  60. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/SmokeLoader.py +0 -0
  61. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/Socks5Systemz.py +0 -0
  62. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/SquirrelWaffle.py +0 -0
  63. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/Strrat.py +0 -0
  64. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/WarzoneRAT.py +0 -0
  65. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/Zloader.py +0 -0
  66. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/__init__.py +0 -0
  67. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/CAPE/core/test_cape.py +0 -0
  68. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/RATDecoders/README.md +0 -0
  69. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/RATDecoders/__init__.py +0 -0
  70. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/RATDecoders/test_rats.py +0 -0
  71. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/__init__.py +0 -0
  72. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/BackOffLoader.py +0 -0
  73. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/BackOffPOS.py +0 -0
  74. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/BlackNix.py +0 -0
  75. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/BuerLoader.py +0 -0
  76. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/ChChes.py +0 -0
  77. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/Emotet.py +0 -0
  78. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/Enfal.py +0 -0
  79. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/EvilGrab.py +0 -0
  80. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/Greame.py +0 -0
  81. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/Hancitor.py +0 -0
  82. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/HttpBrowser.py +0 -0
  83. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/JavaDropper.py +0 -0
  84. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/Nymaim.py +0 -0
  85. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/Pandora.py +0 -0
  86. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/PoisonIvy.py +0 -0
  87. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/PredatorPain.py +0 -0
  88. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/Punisher.py +0 -0
  89. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/RCSession.py +0 -0
  90. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/REvil.py +0 -0
  91. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/RedLeaf.py +0 -0
  92. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/Retefe.py +0 -0
  93. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/Rozena.py +0 -0
  94. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/SmallNet.py +0 -0
  95. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/TSCookie.py +0 -0
  96. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/TrickBot.py +0 -0
  97. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/UrsnifV3.py +0 -0
  98. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/_ShadowTech.py +0 -0
  99. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/_VirusRat.py +0 -0
  100. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/_jRat.py +0 -0
  101. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/unrecom.py +0 -0
  102. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/deprecated/xRAT.py +0 -0
  103. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/malduck/LICENSE +0 -0
  104. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/malduck/README.md +0 -0
  105. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/malduck/__init__.py +0 -0
  106. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/malduck/test_malduck.py +0 -0
  107. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/mwcp/README.md +0 -0
  108. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/mwcp/__init__.py +0 -0
  109. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/mwcp/test_mwcp.py +0 -0
  110. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/utils/__init__.py +0 -0
  111. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/utils/aplib.py +0 -0
  112. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/utils/blzpack.py +0 -0
  113. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/utils/blzpack_lib.so +0 -0
  114. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/utils/dotnet_utils.py +0 -0
  115. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/utils/lznt1.py +0 -0
  116. {cape_parsers-0.1.50 → cape_parsers-0.1.52}/cape_parsers/utils/strings.py +0 -0
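--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,8 +1,9 @@
- Metadata-Version: 2.3
+ Metadata-Version: 2.4
  Name: CAPE-parsers
- Version: 0.1.50
+ Version: 0.1.52
  Summary: CAPE: Malware Configuration Extraction
  License: MIT
+ License-File: LICENSE
  Keywords: cape,parsers,malware,configuration
  Author: Kevin O'Reilly
  Author-email: kev@capesandbox.com
@@ -13,6 +14,7 @@ Classifier: Programming Language :: Python :: 3.10
  Classifier: Programming Language :: Python :: 3.11
  Classifier: Programming Language :: Python :: 3.12
  Classifier: Programming Language :: Python :: 3.13
+ Classifier: Programming Language :: Python :: 3.14
  Provides-Extra: maco
  Requires-Dist: capstone (>=4.0.2)
  Requires-Dist: dncil (>=1.0.2)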
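--- a/cape_parsers/CAPE/community/AgentTesla.py
+++ b/cape_parsers/CAPE/community/AgentTesla.py
@@ -9,6 +9,7 @@ except ImportError as e:
  def extract_config(data: bytes):
  config = {}
  config_dict = {}
+ is_c2_found = False
  with suppress(Exception):
  if data[:2] == b"MZ":
  lines = extract_strings(data=data, on_demand=True, minchars=3)
@@ -25,11 +26,13 @@ def extract_config(data: bytes):
  config_dict["Protocol"] = "Telegram"
  config["CNCs"] = lines[base + x]
  config_dict["Password"] = lines[base + x + 1]
+ is_c2_found = True
  break
  # Data Exfiltration via Discord
  elif "discord" in lines[base + x]:
  config_dict["Protocol"] = "Discord"
  config["CNCs"] = [lines[base + x]]
+ is_c2_found = True
  break
  # Data Exfiltration via FTP
  elif "ftp:" in lines[base + x]:
@@ -38,6 +41,7 @@ def extract_config(data: bytes):
  username = lines[base + x + 1]
  password = lines[base + x + 2]
  config["CNCs"] = [f"ftp://{username}:{password}@{hostname}"]
+ is_c2_found = True
  break
  # Data Exfiltration via SMTP
  elif "@" in lines[base + x]:
@@ -52,10 +56,12 @@ def extract_config(data: bytes):
  config_dict["Password"] = lines[base + x + 1]
  if "@" in lines[base + x + 2]:
  config_dict["EmailTo"] = lines[base + x + 2]
+ is_c2_found = True
  break
  # Get Persistence Payload Filename
  for x in range(2, 22):
- if ".exe" in lines[base + x]:
+ # Only extract Persistence Filename when a C2 is detected.
+ if ".exe" in lines[base + x] and is_c2_found:
  config_dict["Persistence_Filename"] = lines[base + x]
  break
  # Get External IP Check Services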
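Review bot: In the Telegram branch the unchanged line `config["CNCs"] = lines[base + x]` stores a bare string, while the Discord and FTP branches store a one-element list, so any consumer that iterates `CNCs` would walk a Telegram URL character by character; `config["CNCs"] = [lines[base + x]]` would make the three branches agree. The new `is_c2_found` test in the persistence loop is loop-invariant, so it would read more clearly as a guard around the loop (`if is_c2_found:` before `for x in range(2, 22):`) than as a second operand checked on every iteration. Because the body runs under `suppress(Exception)`, an out-of-range `lines[base + x]` ends extraction silently; `extract_config` continues beyond the visible hunks, so how a partial result is returned cannot be confirmed from here.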
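--- a/cape_parsers/CAPE/community/monsterv2.py
+++ b/cape_parsers/CAPE/community/MonsterV2.py
@@ -14,15 +14,12 @@ RULE_SOURCE = """rule MonsterV2Config
  author = "doomedraven,YungBinary"
  strings:
  $chunk_1 = {
- 41 B8 ?? ?? ?? ??
- 48 8D 15 ?? ?? ?? ??
- 48 8B CB
- E8 ?? ?? ?? ??
- 48 8D 83 ?? ?? ?? ??
- 48 89 44 24 ??
- 48 89 6C 24 ??
- 4C 8B C7
- 48 8D 54 24 ??
+ 41 B8 0E 04 00 00
+ 48 8D 15 ?? ?? ?? 00
+ 48 8B C?
+ E8 ?? ?? ?? ?? [3-17]
+ 4C 8B C?
+ 48 8D 54 24 28
  48 8B CE
  E8 ?? ?? ?? ??
  }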
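Review bot: The tightened `$chunk_1` pattern now pins `41 B8 0E 04 00 00` (an immediate of 0x40E loaded into r8d), the top displacement byte in `48 8D 15 ?? ?? ?? 00` and the stack offset in `48 8D 54 24 28`, but nothing in the rule records what these constants are, so a build that changes any of them will stop matching with no hint why. A short comment per line inside the hex string, for example `// mov r8d, 0x40E (presumably the config blob size; confirm)`, would document the assumption for whoever maintains the rule next. `48 8B C?` and `4C 8B C?` also accept more register pairs than the replaced `48 8B CB` and `4C 8B C7`; that looks deliberate, but together with the `[3-17]` jump it is worth a regression run against the known sample set. The rule text starts and ends outside the hunk.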
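--- /dev/null
+++ b/cape_parsers/CAPE/community/MyKings.py
@@ -0,0 +1,52 @@
+ """
+ Description: MyKings AKA Smominru config parser
+ Author: x.com/YungBinary
+ """
+
+ from contextlib import suppress
+ import json
+ import re
+ import base64
+
+
+ def contains_non_printable(byte_array):
+ for byte in byte_array:
+ if not chr(byte).isprintable():
+ return True
+ return False
+
+
+ def extract_base64_strings(data: bytes, minchars: int, maxchars: int) -> list:
+ pattern = b"([A-Za-z0-9+/=]{" + str(minchars).encode() + b"," + str(maxchars).encode() + b"})\x00{4}"
+ strings = []
+ for string in re.findall(pattern, data):
+ decoded_string = base64_and_printable(string.decode())
+ if decoded_string:
+ strings.append(decoded_string)
+ return strings
+
+
+ def base64_and_printable(b64_string: str):
+ with suppress(Exception):
+ decoded_bytes = base64.b64decode(b64_string)
+ if not contains_non_printable(decoded_bytes):
+ return decoded_bytes.decode('ascii')
+
+
+ def extract_config(data: bytes) -> dict:
+ config_dict = {}
+ with suppress(Exception):
+ cncs = extract_base64_strings(data, 12, 60)
+ if cncs:
+ # as they don't have schema they going under raw
+ config_dict["raw"] = {"CNCs": cncs}
+ return config_dict
+
+ return {}
+
+
+ if __name__ == "__main__":
+ import sys
+
+ with open(sys.argv[1], "rb") as f:
+ print(json.dumps(extract_config(f.read()), indent=4))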
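Review bot: `extract_base64_strings` reports every 12–60 character base64-alphabet run followed by four NUL bytes as a C2 once it decodes to printable ASCII, and nothing checks that the decoded text looks like a host, IP or URL, so unrelated strings in a sample can surface under `CNCs` and be passed downstream as indicators. A shape filter on the decoded value before `strings.append(decoded_string)` would cut that down (the expected format is not visible on this page, so the pattern is for the author to choose), and `base64.b64decode(b64_string, validate=True)` would reject runs with `=` in the middle instead of decoding them leniently. `contains_non_printable` also lets bytes at or above 0x80 through, since `chr(byte).isprintable()` is true for many Latin-1 characters; they are rejected only because `decode('ascii')` raises under `suppress(Exception)`, and an explicit `decoded_bytes.isascii()` check would make that intent visible. None of the four functions has a docstring stating what it returns on failure (`base64_and_printable` returns `None` implicitly).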
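--- /dev/null
+++ b/cape_parsers/CAPE/community/WinosStager.py
@@ -0,0 +1,75 @@
+ """
+ Description: Winos 4.0 "OnlineModule" config parser
+ Author: x.com/YungBinary
+ """
+
+ from contextlib import suppress
+ import re
+
+
+ CONFIG_KEY_MAP = {
+ "dd": "execution_delay_seconds",
+ "cl": "communication_interval_seconds",
+ "bb": "version",
+ "bz": "comment",
+ "jp": "keylogger",
+ "bh": "end_bluescreen",
+ "ll": "anti_traffic_monitoring",
+ "dl": "entrypoint",
+ "sh": "process_daemon",
+ "kl": "process_hollowing"
+ }
+
+
+ def find_config(data):
+ start = ":db|".encode("utf-16le")
+ end = ":1p|".encode("utf-16le")
+ pattern = re.compile(re.escape(start) + b".*?" + re.escape(end), re.DOTALL)
+ match = pattern.search(data)
+ if match:
+ return match.group(0).decode("utf-16le")
+
+
+ def extract_config(data: bytes) -> dict:
+ config_dict = {}
+ final_config = {}
+
+ with suppress(Exception):
+ config = find_config(data)
+ if not config:
+ return config_dict
+
+ # Reverse the config string, which is delimited by '|'
+ config = config[::-1]
+ # Remove leading/trailing pipes and split into key/value pairs
+ elements = [element for element in config.strip('|').split('|') if ':' in element]
+ # Split each element for key : value in a dictionary
+ config_dict = dict(element.split(':', 1) for element in elements)
+ if config_dict:
+ # Handle extraction and formatting of CNCs
+ for i in range(1, 4):
+ p, o, t = config_dict.get(f"p{i}"), config_dict.get(f"o{i}"), config_dict.get(f"t{i}")
+ if p and p != "127.0.0.1" and o:
+ protocol = {"0": "udp", "1": "tcp"}.get(t)
+ if protocol:
+ cnc = f"{protocol}://{p}:{o}"
+ final_config.setdefault("CNCs", []).append(cnc)
+
+ if "CNCs" not in final_config:
+ return {}
+
+ final_config["CNCs"] = list(set(final_config["CNCs"]))
+ # Extract campaign ID
+ final_config["campaign_id"] = "default" if config_dict["fz"] == "\u9ed8\u8ba4" else config_dict["fz"]
+
+ # Map keys, e.g. dd -> execution_delay_seconds
+ final_config["raw"] = {v: config_dict[k] for k, v in CONFIG_KEY_MAP.items() if k in config_dict}
+
+ return final_config
+
+
+ if __name__ == "__main__":
+ import sys
+
+ with open(sys.argv[1], "rb") as f:
+ print(extract_config(f.read()))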
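Review bot: `config_dict["fz"]` in `extract_config` raises `KeyError` when a sample's config has no `fz` field, and because that line runs under `suppress(Exception)` the already-extracted C2 list is then returned without `campaign_id` and `raw`, or not returned at all, depending on where `return final_config` sits (the indentation is not recoverable from this page). Reading the field with `fz = config_dict.get("fz")` and assigning `final_config["campaign_id"] = "default" if fz == "\u9ed8\u8ba4" else fz` only when `fz` is truthy keeps the rest of the result intact. `list(set(final_config["CNCs"]))` also makes the C2 order vary between runs; `list(dict.fromkeys(final_config["CNCs"]))` de-duplicates while keeping first-seen order, which is easier to compare across analyses.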
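--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
  [tool.poetry]
  name = "CAPE-parsers"
- version = "0.1.50"
+ version = "0.1.52"
  description = "CAPE: Malware Configuration Extraction"
  authors = ["Kevin O'Reilly <kev@capesandbox.com>", "doomedraven <doomedraven@capesandbox.com>"]
  license = "MIT"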