CAPE-parsers

CAPE core and community parsers

Configs structure

CNCs: []
campaign: str
botnet: str
dga_seed: hex str
version: str
mutex: str
user_agent: str
build: str
cryptokey: str
cryptokey_type: str (algorithm). Ex: RC4, RSA public key. salsa20, (x)chacha20
raw: {any other data goes here}

All CNC entries should be in URL format. aka <schema>://<hostname>:<port>/<uri>
- Schema examples: tcp://, ftp://, udp://, http(s), etc.
- Old CAPE configs still have lack of this structures as most of them are dead families.
- This CNC simplification make it easier to parse with tools like tldextract or urlparse

Name		Name	Last commit message	Last commit date
Latest commit History 322 Commits
.github		.github
cape_parsers		cape_parsers
tests		tests
tests_parsers		tests_parsers
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
poetry.lock		poetry.lock
pyproject.toml		pyproject.toml
requirements.txt		requirements.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

CAPE-parsers

Configs structure

About

Uh oh!

Releases 52

Packages

Uh oh!

Contributors 13

Uh oh!

Languages

License

CAPESandbox/CAPE-parsers

Folders and files

Latest commit

History

Repository files navigation

CAPE-parsers

Configs structure

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 52

Packages 0

Uh oh!

Contributors 13

Uh oh!

Languages

Packages