style: Automatic code formatting
actions-user committed Apr 7, 2024
1 parent 690faec commit 3c32d27
Showing 4 changed files with 36 additions and 32 deletions.
17 changes: 9 additions & 8 deletions modules/signatures/all/flarecapa_lib.py
@@ -15,6 +15,7 @@

from lib.cuckoo.common.abstracts import Signature


class FlareCAPALib(Signature):
name = "flare_capa_lib"
description = "CAPA detected interesting code functions"
@@ -26,28 +27,28 @@ class FlareCAPALib(Signature):

def run(self):
ret = False

target = self.results.get("target", {})
if target.get("category") in ("file", "static") and target.get("file"):
capa = self.results["target"]["file"].get("flare_capa", [])
capa = self.results["target"]["file"].get("flare_capa", [])
if capa:
samplesha256 = capa["sha256"]
capabilities = capa["CAPABILITY"]
for namespace, capability in capabilities.items():
if "lib" in namespace:
ret = True
joined = ', '.join(capability)
joined = ", ".join(capability)
self.data.append({"target": "SHA256 %s - %s %s" % (samplesha256, namespace, joined)})
for block in self.results.get("CAPE", {}).get("payloads", []) or []:

for block in self.results.get("CAPE", {}).get("payloads", []) or []:
capa = block.get("flare_capa", [])
if capa:
samplesha256 = capa["sha256"]
capabilities = capa["CAPABILITY"]
for namespace, capability in capabilities.items():
if "lib" in namespace:
ret = True
joined = ', '.join(capability)
joined = ", ".join(capability)
self.data.append({"payload": "SHA256 %s - %s %s" % (samplesha256, namespace, joined)})

for keyword in ("procdump", "procmemory", "extracted", "dropped"):
@@ -62,7 +63,7 @@ def run(self):
for namespace, capability in capabilities.items():
if "lib" in namespace:
ret = True
joined = ', '.join(capability)
joined = ", ".join(capability)
self.data.append({keyword: "SHA256 %s - %s %s" % (samplesha256, namespace, joined)})

return ret
17 changes: 9 additions & 8 deletions modules/signatures/all/flarecapa_persistence.py
@@ -15,6 +15,7 @@

from lib.cuckoo.common.abstracts import Signature


class FlareCAPAPersistence(Signature):
name = "flare_capa_persistence"
description = "CAPA detected persistence capabilities"
@@ -27,28 +28,28 @@ class FlareCAPAPersistence(Signature):

def run(self):
ret = False

target = self.results.get("target", {})
if target.get("category") in ("file", "static") and target.get("file"):
capa = self.results["target"]["file"].get("flare_capa", [])
capa = self.results["target"]["file"].get("flare_capa", [])
if capa:
samplesha256 = capa["sha256"]
capabilities = capa["CAPABILITY"]
for namespace, capability in capabilities.items():
if "persistence" in namespace:
ret = True
joined = ', '.join(capability)
joined = ", ".join(capability)
self.data.append({"target": "SHA256 %s - %s %s" % (samplesha256, namespace, joined)})
for block in self.results.get("CAPE", {}).get("payloads", []) or []:

for block in self.results.get("CAPE", {}).get("payloads", []) or []:
capa = block.get("flare_capa", [])
if capa:
samplesha256 = capa["sha256"]
capabilities = capa["CAPABILITY"]
for namespace, capability in capabilities.items():
if "persistence" in namespace:
ret = True
joined = ', '.join(capability)
joined = ", ".join(capability)
self.data.append({"payload": "SHA256 %s - %s %s" % (samplesha256, namespace, joined)})

for keyword in ("procdump", "procmemory", "extracted", "dropped"):
@@ -63,7 +64,7 @@ def run(self):
for namespace, capability in capabilities.items():
if "persistence" in namespace:
ret = True
joined = ', '.join(capability)
joined = ", ".join(capability)
self.data.append({keyword: "SHA256 %s - %s %s" % (samplesha256, namespace, joined)})

return ret
17 changes: 9 additions & 8 deletions modules/signatures/all/flarecapa_runtime.py
@@ -15,6 +15,7 @@

from lib.cuckoo.common.abstracts import Signature


class FlareCAPARuntime(Signature):
name = "flare_capa_runtime"
description = "CAPA detected runtime code"
@@ -27,28 +28,28 @@ class FlareCAPARuntime(Signature):

def run(self):
ret = False

target = self.results.get("target", {})
if target.get("category") in ("file", "static") and target.get("file"):
capa = self.results["target"]["file"].get("flare_capa", [])
capa = self.results["target"]["file"].get("flare_capa", [])
if capa:
samplesha256 = capa["sha256"]
capabilities = capa["CAPABILITY"]
for namespace, capability in capabilities.items():
if "runtime" in namespace:
ret = True
joined = ', '.join(capability)
joined = ", ".join(capability)
self.data.append({"target": "SHA256 %s - %s %s" % (samplesha256, namespace, joined)})
for block in self.results.get("CAPE", {}).get("payloads", []) or []:

for block in self.results.get("CAPE", {}).get("payloads", []) or []:
capa = block.get("flare_capa", [])
if capa:
samplesha256 = capa["sha256"]
capabilities = capa["CAPABILITY"]
for namespace, capability in capabilities.items():
if "runtime" in namespace:
ret = True
joined = ', '.join(capability)
joined = ", ".join(capability)
self.data.append({"payload": "SHA256 %s - %s %s" % (samplesha256, namespace, joined)})

for keyword in ("procdump", "procmemory", "extracted", "dropped"):
@@ -63,7 +64,7 @@ def run(self):
for namespace, capability in capabilities.items():
if "runtime" in namespace:
ret = True
joined = ', '.join(capability)
joined = ", ".join(capability)
self.data.append({keyword: "SHA256 %s - %s %s" % (samplesha256, namespace, joined)})

return ret
17 changes: 9 additions & 8 deletions modules/signatures/all/flarecapa_targeting.py
@@ -15,6 +15,7 @@

from lib.cuckoo.common.abstracts import Signature


class FlareCAPATargeting(Signature):
name = "flare_capa_targeting"
description = "CAPA detected specific system targeting capabilities"
@@ -27,28 +28,28 @@ class FlareCAPATargeting(Signature):

def run(self):
ret = False

target = self.results.get("target", {})
if target.get("category") in ("file", "static") and target.get("file"):
capa = self.results["target"]["file"].get("flare_capa", [])
capa = self.results["target"]["file"].get("flare_capa", [])
if capa:
samplesha256 = capa["sha256"]
capabilities = capa["CAPABILITY"]
for namespace, capability in capabilities.items():
if "targeting" in namespace:
ret = True
joined = ', '.join(capability)
joined = ", ".join(capability)
self.data.append({"target": "SHA256 %s - %s %s" % (samplesha256, namespace, joined)})
for block in self.results.get("CAPE", {}).get("payloads", []) or []:

for block in self.results.get("CAPE", {}).get("payloads", []) or []:
capa = block.get("flare_capa", [])
if capa:
samplesha256 = capa["sha256"]
capabilities = capa["CAPABILITY"]
for namespace, capability in capabilities.items():
if "targeting" in namespace:
ret = True
joined = ', '.join(capability)
joined = ", ".join(capability)
self.data.append({"payload": "SHA256 %s - %s %s" % (samplesha256, namespace, joined)})

for keyword in ("procdump", "procmemory", "extracted", "dropped"):
@@ -63,7 +64,7 @@ def run(self):
for namespace, capability in capabilities.items():
if "targeting" in namespace:
ret = True
joined = ', '.join(capability)
joined = ", ".join(capability)
self.data.append({keyword: "SHA256 %s - %s %s" % (samplesha256, namespace, joined)})

return ret
