CAPE-parsers

CAPE core and community parsers

Configs structure

CNCs: []
campaign: str
botnet: str
dga_seed: hex str
version: str
mutex: str
user_agent: str
build: str
cryptokey: str
cryptokey_type: str (algorithm). Ex: RC4, RSA public key. salsa20, (x)chacha20
raw: {any other data goes here}

All CNC entries should be in URL format. aka <schema>://<hostname>:<port>/<uri>
- Schema examples: tcp://, ftp://, udp://, http(s), etc.
- Old CAPE configs still have lack of this structures as most of them are dead families.
- This CNC simplification make it easier to parse with tools like tldextract or urlparse

Name		Name	Last commit message	Last commit date
Latest commit History 339 Commits
.github		.github
cape_parsers		cape_parsers
tests		tests
tests_parsers		tests_parsers
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
poetry.lock		poetry.lock
pyproject.toml		pyproject.toml
requirements.txt		requirements.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CAPE-parsers

Configs structure

About

Uh oh!

Releases 53

Packages

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

CAPE-parsers

Configs structure

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 53

Packages 0

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Packages