PyPI - CAPE-parsers - Versions diffs - 0.1.53__tar.gz → 0.1.55__tar.gz - Mend

CAPE-parsers 0.1.53tar.gz → 0.1.55tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (117) hide show

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: CAPE-parsers
-Version: 0.1.53
+Version: 0.1.55
 Summary: CAPE: Malware Configuration Extraction
 License: MIT
 License-File: LICENSE

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/KoiLoader.py RENAMED Viewed

@@ -118,8 +118,9 @@ def extract_config(data):
         encoded_payload = remove_nulls(encoded_payload, encoded_payload_size)
         decoded_payload = xor_data(encoded_payload, xor_key)
-        config["CNCs"] = find_c2(decoded_payload)
+        cncs = find_c2(decoded_payload)
+        if cncs and list(filter(cncs, None)):
+            config["CNCs"] = cncs
     return config

cape_parsers-0.1.55/cape_parsers/CAPE/core/NitroBunnyDownloader.py ADDED Viewed

@@ -0,0 +1,168 @@
+# Copyright (C) 2024 enzok
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+import logging
+import struct
+import pefile
+import yara
+log = logging.getLogger(__name__)
+DESCRIPTION = "NitroBunnyDownloader configuration parser."
+AUTHOR = "enzok"
+yara_rule = """
+rule NitroBunnyDownloader
+{
+    meta:
+        author = "enzok"
+        description = "NitroBunnyDownloader Payload"
+        cape_type = "NitroBunnyDownloader Payload"
+        hash = "960e59200ec0a4b5fb3b44e6da763f5fec4092997975140797d4eec491de411b"
+    strings:
+        $config1 = {E8 [3] 00 41 B8 ?? ?? 00 00 48 8D 15 [3] 00 48 89 C1 48 89 ?? E8 [3] 00}
+        $config2 = {E8 [3] 00 48 8D 15 [3] 00 41 B8 ?? ?? 00 00 48 89 C1 48 89 ?? E8 [3] 00}
+        $string1 = "X-Amz-User-Agent:" wide
+        $string2 = "Amz-Security-Flag:" wide
+        $string3 = "/cart" wide
+        $string4 = "Cookie: " wide
+        $string5 = "wishlist" wide
+    condition:
+        uint16(0) == 0x5A4D and 1 of ($config*) and 2 of ($string*)
+}
+"""
+yara_rules = yara.compile(source=yara_rule)
+def yara_scan(raw_data):
+    try:
+        return yara_rules.match(data=raw_data)
+    except Exception as e:
+        print(e)
+        return None
+def read_dword(data, off):
+    if off + 4 > len(data):
+        raise ValueError(f"EOF reading dword at {off}")
+    val = struct.unpack_from("<I", data, off)[0]
+    return val, off + 4
+def read_qword(data, off):
+    """Read a 64-bit unsigned little-endian value."""
+    if off + 8 > len(data):
+        raise ValueError(f"EOF reading qword at {off}")
+    val = struct.unpack_from("<Q", data, off)[0]
+    return val, off + 8
+def read_utf16le_string(data, off, length):
+    if off + length > len(data):
+        raise ValueError(f"EOF reading string at {off} len={length}")
+    raw = data[off:off + length]
+    s = raw.decode("utf-16le", errors="replace").rstrip("\x00")
+    return s, off + length
+def read_string_list(data, off, count):
+    items = []
+    for i in range(count):
+        length_words, off = read_qword(data, off)
+        s, off = read_utf16le_string(data, off, length_words)
+        items.append(s)
+    return items, off
+def extract_config(filebuf):
+    yara_hit = yara_scan(filebuf)
+    if not yara_hit:
+        return None
+    cfg = {}
+    config_code_offset = None
+    config_size_offset = None
+    config_offset = None
+    rva_offset = None
+    for hit in yara_hit:
+        if hit.rule != "NitroBunnyDownloader":
+            continue
+        for item in hit.strings:
+            for instance in item.instances:
+                if item.identifier == "$config1":
+                    config_code_offset = instance.offset
+                    config_size_offset = 7
+                    config_offset= 14
+                    rva_offset = 18
+                    break
+                elif item.identifier == "$config2":
+                    config_code_offset = instance.offset
+                    config_size_offset = 14
+                    config_offset= 8
+                    rva_offset = 12
+                    break
+            if config_code_offset:
+                break
+    if config_code_offset is None:
+        return None
+    try:
+        pe = pefile.PE(data=filebuf, fast_load=True)
+        config_length = pe.get_dword_from_offset(config_code_offset + config_size_offset)
+        config = pe.get_dword_from_offset(config_code_offset + config_offset)
+        rva = pe.get_rva_from_offset(config_code_offset + rva_offset)
+        config_rva = rva + config
+        data = pe.get_data(config_rva, config_length)
+        off = 0
+        raw = cfg["raw"] = {}
+        port, off = read_dword(data, off)
+        num, off = read_dword(data, off)
+        cncs, off = read_string_list(data, off, num)
+        num, off = read_qword(data, off)
+        raw["user_agent"], off = read_utf16le_string(data, off, num)
+        num, off = read_dword(data, off)
+        raw["http_header_items"], off = read_string_list(data, off, num)
+        num, off = read_dword(data, off)
+        raw["uri_list"], off = read_string_list(data, off, num)
+        raw["unknown_1"], off = read_dword(data, off)
+        raw["unknown_2"], off = read_dword(data, off)
+        if cncs:
+            cfg["CNCs"] = []
+            schema = {80: "http", 443: "https"}.get(port, "tcp")
+            for cnc in cncs:
+                cnc = f"{schema}://{cnc}"
+                if port not in (80, 443):
+                    cnc += f":{port}"
+                cfg["CNCs"].append(cnc)
+    except Exception as e:
+        log.error("Error: %s", e)
+        return None
+    return cfg
+if __name__ == "__main__":
+    import sys
+    with open(sys.argv[1], "rb") as f:
+        print(extract_config(f.read()))

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/Rhadamanthys.py RENAMED Viewed

@@ -7,6 +7,15 @@ import json
 DESCRIPTION = "Rhadamanthys parser"
 AUTHOR = "kevoreilly, YungBinary"
+CUSTOM_ALPHABETS = [
+    b"3Fijkbc|l4NOPQRSTUVWXY567DdewxEqrstuvyz-ABC1fghop2mnGHIJKLMZ089a", # 0.9.3
+    b"4NOPQRSTUVWXY567DdeEqrstuvwxyz-ABC1fghop23Fijkbc|lmnGHIJKLMZ089a", # 0.9.2
+    b"ABC1fghijklmnop234NOPQRSTUVWXY567DEFGHIJKLMZ089abcdeqrstuvwxyz-|", # 0.9.X
+]
+CHACHA_KEY = b"\x52\xAB\xDF\x06\xB6\xB1\x3A\xC0\xDA\x2D\x22\xDC\x6C\xD2\xBE\x6C\x20\x17\x69\xE0\x12\xB5\xE6\xEC\x0E\xAB\x4C\x14\x73\x4A\xED\x51"
+CHACHA_NONCE = b"\x5F\x14\xD7\x9C\xFC\xFC\x43\x9E\xC3\x40\x6B\xBA"
 def mask32(x):
     return x & 0xFFFFFFFF
@@ -150,6 +159,8 @@ def lzo_noheader_decompress(data: bytes, decompressed_size: int):
         ctrl = data[src]
         src += 1
+        # Special short match
+        # Copies exactly 3 bytes from dst starting match_len + 1 bytes back.
         if ctrl == 0x20:
             match_len = data[src]
             src += 1
@@ -159,21 +170,28 @@ def lzo_noheader_decompress(data: bytes, decompressed_size: int):
             dst.extend(dst[start:end])
         elif ctrl >= 0xE0 or ctrl == 0x40:
-            x = ((ctrl >> 5) - 1) + 3
-            if ctrl >= 0xE0:
-                copy_len = data[src] + x
-            elif ctrl == 0x40:
-                copy_len = x
-            start = data[src + 1]
-            if ctrl == 0x40:
-                start = data[src]
+            # Compute base copy length from the upper bits of ctrl
+            base_len = ((ctrl >> 5) - 1) + 3
             if ctrl >= 0xE0:
+                # Long copy: extra length byte follows
+                copy_len = base_len + data[src]
+                # Offset is byte after
+                start = data[src + 1]
                 src += 2
             elif ctrl == 0x40:
+                # Short copy: offset byte after control code
+                copy_len = base_len
+                start = data[src]
                 src += 1
+            # Calculate offset in output buffer
             offset = len(dst) - start - 1
             #print(f"Control code: {hex(ctrl)}, Offset backtrack length: {hex(start)}, Current offset: {hex(len(dst))}, New offset: {hex(len(dst) - start)}, Length to copy: {hex(copy_len)}")
-            dst.extend(dst[offset:offset+copy_len])
+            # Copy from previously decompressed data
+            dst.extend(dst[offset:offset + copy_len])
         else:
             # Literal run
@@ -231,62 +249,71 @@ def parse_compression_header(config: bytes):
     }
+def handle_encrypted_string(encrypted_string: str) -> list:
+    """
+    Args:
+        encrypted_string: a str representing
+    Returns:
+        Command and Control server list, may be empty
+    """
+    for alphabet in CUSTOM_ALPHABETS:
+        try:
+            custom_b64_decoded = custom_b64decode(encrypted_string, alphabet)
+            xor_key = chacha20_xor(custom_b64_decoded, CHACHA_KEY, CHACHA_NONCE)
+            # Decrypted, may still be the compressed malware configuration
+            config = decrypt_config(xor_key)
+            # First byte should be 0xFF
+            if config[0] != 0xFF:
+                continue
+            # Attempt to extract C2 url, only works in version prior to 0.9.2
+            c2_url = extract_c2_url(config)
+            if c2_url:
+                return [c2_url]
+            # Parse header
+            parsed = parse_compression_header(config)
+            if not parsed:
+                continue
+            # Decompress LZO-like compression
+            decompressed = lzo_noheader_decompress(parsed['compressed_data'], parsed['decompressed_size'])
+            pattern = re.compile(b'.' + bytes([decompressed[1]]))
+            cncs = [f"https://{chunk.decode()}" for chunk in pattern.split(decompressed) if chunk]
+            return cncs
+        except Exception:
+            continue
+    return []
 def extract_config(data):
+    """
+    Extract Rhadamanthys malware configuration.
+    """
     config_dict = {}
+    # Extract very old variant
     magic = struct.unpack("I", data[:4])[0]
     if magic == 0x59485221:
         config_dict["CNCs"] = [data[24:].split(b"\0", 1)[0].decode()]
         return config_dict
-    else:
-        key = b"\x52\xAB\xDF\x06\xB6\xB1\x3A\xC0\xDA\x2D\x22\xDC\x6C\xD2\xBE\x6C\x20\x17\x69\xE0\x12\xB5\xE6\xEC\x0E\xAB\x4C\x14\x73\x4A\xED\x51"
-        nonce = b"\x5F\x14\xD7\x9C\xFC\xFC\x43\x9E\xC3\x40\x6B\xBA"
-        custom_alphabets = [
-            b"ABC1fghijklmnop234NOPQRSTUVWXY567DEFGHIJKLMZ089abcdeqrstuvwxyz-|",
-            b"4NOPQRSTUVWXY567DdeEqrstuvwxyz-ABC1fghop23Fijkbc|lmnGHIJKLMZ089a"
-        ]
-        # Extract base64 strings
-        extracted_strings = extract_base64_strings(data, 140, 256)
-        if not extracted_strings:
-            return config_dict
-        pattern = re.compile(b'.\x80')
-        for string in extracted_strings:
-            try:
-                custom_b64_decoded = custom_b64decode(string, custom_alphabets[0])
-                xor_key = chacha20_xor(custom_b64_decoded, key, nonce)
-                # Decrypted, but may still be the compressed malware configuration
-                config = decrypt_config(xor_key)
-                # Attempt to extract C2 url, only works in version prior to 0.9.2
-                c2_url = extract_c2_url(config)
-                if c2_url:
-                    config_dict = {"CNCs": [c2_url]}
-                    return config_dict
-                else:
-                    # Handle new variants that compress the Command and Control server(s)
-                    custom_b64_decoded = custom_b64decode(string, custom_alphabets[1])
-                    xor_key = chacha20_xor(custom_b64_decoded, key, nonce)
-                    config = decrypt_config(xor_key)
-                    parsed = parse_compression_header(config)
-                    if not parsed:
-                        return config_dict
-                    decompressed = lzo_noheader_decompress(parsed['compressed_data'], parsed['decompressed_size'])
-                    cncs = [f"https://{chunk.decode()}" for chunk in pattern.split(decompressed) if chunk]
-                    if cncs:
-                        config_dict = {"CNCs": cncs}
-                        return config_dict
-            except Exception:
-                continue
+    # New variants, extract base64 strings
+    extracted_strings = extract_base64_strings(data, 100, 256)
+    if not extracted_strings:
         return config_dict
+    # Handle each encrypted string
+    for string in extracted_strings:
+        cncs = handle_encrypted_string(string)
+        if cncs:
+            return {"CNCs": cncs}
+    return config_dict
 if __name__ == "__main__":
     import sys

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "CAPE-parsers"
-version = "0.1.53"
+version = "0.1.55"
 description = "CAPE: Malware Configuration Extraction"
 authors = ["Kevin O'Reilly <kev@capesandbox.com>", "doomedraven <doomedraven@capesandbox.com>"]
 license = "MIT"

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/LICENSE RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/README.md RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/AgentTesla.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/Amadey.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/Arkei.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/AsyncRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/AuroraStealer.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/Carbanak.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/CobaltStrikeBeacon.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/CobaltStrikeStager.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/DCRat.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/Fareit.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/LokiBot.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/Lumma.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/MonsterV2.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/MyKings.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/NanoCore.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/Nighthawk.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/Njrat.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/PhemedroneStealer.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/QuasarRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/README.md RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/Snake.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/SparkRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/Stealc.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/VenomRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/WinosStager.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/XWorm.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/XenoRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/community/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/AdaptixBeacon.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/AuraStealer.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/Azorult.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/BitPaymer.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/BlackDropper.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/Blister.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/BruteRatel.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/BumbleBee.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/DarkGate.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/DoppelPaymer.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/DridexLoader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/Formbook.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/GuLoader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/IcedID.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/IcedIDLoader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/Latrodectus.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/Oyster.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/PikaBot.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/PlugX.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/QakBot.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/Quickbind.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/README.md RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/RedLine.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/Remcos.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/SmokeLoader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/Socks5Systemz.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/SquirrelWaffle.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/Strrat.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/WarzoneRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/Zloader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/CAPE/core/test_cape.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/RATDecoders/README.md RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/RATDecoders/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/RATDecoders/test_rats.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/BackOffLoader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/BackOffPOS.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/BlackNix.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/BuerLoader.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/ChChes.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/Emotet.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/Enfal.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/EvilGrab.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/Greame.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/Hancitor.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/HttpBrowser.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/JavaDropper.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/Nymaim.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/Pandora.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/PoisonIvy.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/PredatorPain.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/Punisher.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/RCSession.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/REvil.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/RedLeaf.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/Retefe.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/Rozena.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/SmallNet.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/TSCookie.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/TrickBot.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/UrsnifV3.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/_ShadowTech.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/_VirusRat.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/_jRat.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/unrecom.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/deprecated/xRAT.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/malduck/LICENSE RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/malduck/README.md RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/malduck/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/malduck/test_malduck.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/mwcp/README.md RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/mwcp/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/mwcp/test_mwcp.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/utils/__init__.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/utils/aplib.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/utils/blzpack.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/utils/blzpack_lib.so RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/utils/dotnet_utils.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/utils/lznt1.py RENAMED Viewed

File without changes

{cape_parsers-0.1.53 → cape_parsers-0.1.55}/cape_parsers/utils/strings.py RENAMED Viewed

File without changes

CAPE-parsers 0.1.53__tar.gz → 0.1.55__tar.gz

CAPE-parsers 0.1.53tar.gz → 0.1.55tar.gz