style: Automatic code formatting

modules/parsers/MACO/AgentTesla.py

@@ -1,6 +1,7 @@
+from cape_parsers.CAPE.community.AgentTesla import extract_config
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.community.AgentTesla import extract_config
+
 from modules.parsers.utils import get_YARA_rule
 
 
@@ -14,11 +15,7 @@ def convert_to_MACO(raw_config: dict) -> MACOModel:
 
     parsed_result = MACOModel(family="AgentTesla", other=raw_config)
     if protocol == "Telegram":
-        parsed_result.http.append(
-            MACOModel.Http(
-                uri=raw_config["C2"], password=raw_config["Password"], usage="c2"
-            )
-        )
+        parsed_result.http.append(MACOModel.Http(uri=raw_config["C2"], password=raw_config["Password"], usage="c2"))
 
     elif protocol in ["HTTP(S)", "Discord"]:
         parsed_result.http.append(MACOModel.Http(uri=raw_config["C2"], usage="c2"))
@@ -46,9 +43,7 @@ def convert_to_MACO(raw_config: dict) -> MACOModel:
         parsed_result.smtp.append(MACOModel.SMTP(**smtp))
 
     if "Persistence_Filename" in raw_config:
-        parsed_result.paths.append(
-            MACOModel.Path(path=raw_config["Persistence_Filename"], usage="storage")
-        )
+        parsed_result.paths.append(MACOModel.Path(path=raw_config["Persistence_Filename"], usage="storage"))
 
     if "ExternalIPCheckServices" in raw_config:
         for service in raw_config["ExternalIPCheckServices"]:

modules/parsers/MACO/AsyncRAT.py

@@ -1,8 +1,9 @@
 import os
 
+from cape_parsers.CAPE.community.AsyncRAT import extract_config
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.community.AsyncRAT import extract_config
+
 from modules.parsers.utils import get_YARA_rule
 
 
@@ -46,9 +47,7 @@ def convert_to_MACO(raw_config: dict) -> MACOModel:
     if raw_config.get("Pastebin") not in ["null", None]:
         # TODO: Is it used to download the C2 information if not embedded?
         # Ref: https://www.netskope.com/blog/asyncrat-using-fully-undetected-downloader
-        parsed_result.http.append(
-            MACOModel.Http(uri=raw_config["Pastebin"], usage="download")
-        )
+        parsed_result.http.append(MACOModel.Http(uri=raw_config["Pastebin"], usage="download"))
 
     return parsed_result
 

modules/parsers/MACO/AuroraStealer.py

@@ -1,6 +1,7 @@
+from cape_parsers.CAPE.community.AuroraStealer import extract_config
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.community.AuroraStealer import extract_config
+
 from modules.parsers.utils import get_YARA_rule
 
 

modules/parsers/MACO/Azorult.py

@@ -1,6 +1,7 @@
+from cape_parsers.CAPE.core.Azorult import extract_config, rule_source
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.core.Azorult import extract_config, rule_source
+
 from modules.parsers.utils import get_YARA_rule
 
 

modules/parsers/MACO/BackOffLoader.py

@@ -1,6 +1,7 @@
+from cape_parsers.CAPE.community.BackOffLoader import extract_config
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.community.BackOffLoader import extract_config
+
 from modules.parsers.utils import get_YARA_rule
 
 
@@ -15,9 +16,7 @@ def convert_to_MACO(raw_config: dict):
 
     # Encryption details
     parsed_result.encryption.append(
-        MACOModel.Encryption(
-            algorithm="rc4", key=raw_config["EncryptionKey"], seed=raw_config["RC4Seed"]
-        )
+        MACOModel.Encryption(algorithm="rc4", key=raw_config["EncryptionKey"], seed=raw_config["RC4Seed"])
     )
     for url in raw_config["URLs"]:
         parsed_result.http.append(MACOModel.Http(url=url))

modules/parsers/MACO/BackOffPOS.py

@@ -1,6 +1,7 @@
+from cape_parsers.CAPE.community.BackOffPOS import extract_config
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.community.BackOffPOS import extract_config
+
 from modules.parsers.utils import get_YARA_rule
 
 
@@ -15,9 +16,7 @@ def convert_to_MACO(raw_config: dict):
 
     # Encryption details
     parsed_result.encryption.append(
-        MACOModel.Encryption(
-            algorithm="rc4", key=raw_config["EncryptionKey"], seed=raw_config["RC4Seed"]
-        )
+        MACOModel.Encryption(algorithm="rc4", key=raw_config["EncryptionKey"], seed=raw_config["RC4Seed"])
     )
     for url in raw_config["URLs"]:
         parsed_result.http.append(MACOModel.Http(url=url))

modules/parsers/MACO/BitPaymer.py

@@ -1,6 +1,7 @@
+from cape_parsers.CAPE.core.BitPaymer import extract_config, rule_source
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.core.BitPaymer import extract_config, rule_source
+
 from modules.parsers.utils import get_YARA_rule
 
 
@@ -14,9 +15,7 @@ def convert_to_MACO(raw_config: dict):
     parsed_result.decoded_strings = raw_config["strings"]
 
     # Encryption details
-    parsed_result.encryption.append(
-        MACOModel.Encryption(algorithm="rsa", public_key=raw_config["RSA public key"])
-    )
+    parsed_result.encryption.append(MACOModel.Encryption(algorithm="rsa", public_key=raw_config["RSA public key"]))
     return parsed_result
 
 

modules/parsers/MACO/BlackDropper.py

@@ -1,16 +1,15 @@
+from cape_parsers.CAPE.core.BlackDropper import extract_config
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.core.BlackDropper import extract_config
+
 from modules.parsers.utils import get_YARA_rule
 
 
 def convert_to_MACO(raw_config: dict):
     if not raw_config:
         return None
 
-    parsed_result = MACOModel(
-        family="BlackDropper", campaign_id=[raw_config["campaign"]], other=raw_config
-    )
+    parsed_result = MACOModel(family="BlackDropper", campaign_id=[raw_config["campaign"]], other=raw_config)
 
     for dir in raw_config.get("directories", []):
         parsed_result.paths.append(MACOModel.Path(path=dir))

modules/parsers/MACO/BlackNix.py

@@ -1,8 +1,9 @@
 import os
 
+from cape_parsers.CAPE.community.BlackNix import extract_config
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.community.BlackNix import extract_config
+
 from modules.parsers.utils import get_YARA_rule
 
 

modules/parsers/MACO/Blister.py

@@ -1,7 +1,7 @@
-
+from cape_parsers.CAPE.core.Blister import extract_config
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.core.Blister import extract_config
+
 from modules.parsers.utils import get_YARA_rule
 
 
@@ -19,9 +19,7 @@ def convert_to_MACO(raw_config: dict):
 
     # Rabbit encryption
     parsed_result.encryption.append(
-        MACOModel.Encryption(
-            algorithm="rabbit", key=raw_config["Rabbit key"], iv=raw_config["Rabbit IV"]
-        )
+        MACOModel.Encryption(algorithm="rabbit", key=raw_config["Rabbit key"], iv=raw_config["Rabbit IV"])
     )
     return parsed_result
 

modules/parsers/MACO/BruteRatel.py

@@ -1,7 +1,7 @@
-
+from cape_parsers.CAPE.core.BruteRatel import extract_config
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.core.BruteRatel import extract_config
+
 from modules.parsers.utils import get_YARA_rule
 
 

modules/parsers/MACO/BuerLoader.py

@@ -1,7 +1,7 @@
-
+from cape_parsers.CAPE.core.BuerLoader import extract_config
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.core.BuerLoader import extract_config
+
 from modules.parsers.utils import get_YARA_rule
 
 

modules/parsers/MACO/BumbleBee.py

@@ -1,7 +1,7 @@
-
+from cape_parsers.CAPE.core.BumbleBee import extract_config
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.core.BumbleBee import extract_config
+
 from modules.parsers.utils import get_YARA_rule
 
 
@@ -29,9 +29,7 @@ def convert_to_MACO(raw_config: dict):
 
     # RC4 Key
     if raw_config.get("RC4 Key"):
-        parsed_result.encryption.append(
-            MACOModel.Encryption(algorithm="rc4", key=raw_config["RC4 Key"])
-        )
+        parsed_result.encryption.append(MACOModel.Encryption(algorithm="rc4", key=raw_config["RC4 Key"]))
 
     return parsed_result
 

modules/parsers/MACO/Carbanak.py

@@ -1,6 +1,7 @@
+from cape_parsers.CAPE.community.Carbanak import extract_config, rule_source
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.community.Carbanak import extract_config, rule_source
+
 from modules.parsers.utils import get_YARA_rule
 
 
@@ -22,9 +23,7 @@ def convert_to_MACO(raw_config: dict):
     # C2
     if raw_config.get("C2"):
         if isinstance(raw_config["C2"], str):
-            parsed_result.http.append(
-                MACOModel.Http(hostname=raw_config["C2"], usage="c2")
-            )
+            parsed_result.http.append(MACOModel.Http(hostname=raw_config["C2"], usage="c2"))
         else:
             for c2 in raw_config["C2"]:
                 parsed_result.http.append(MACOModel.Http(hostname=c2, usage="c2"))

modules/parsers/MACO/ChChes.py

@@ -1,6 +1,7 @@
+from cape_parsers.CAPE.core.ChChes import extract_config, rule_source
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.core.ChChes import extract_config, rule_source
+
 from modules.parsers.utils import get_YARA_rule
 
 

modules/parsers/MACO/CobaltStrikeBeacon.py

@@ -1,7 +1,7 @@
-
+from cape_parsers.CAPE.community.CobaltStrikeBeacon import extract_config
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.community.CobaltStrikeBeacon import extract_config
+
 from modules.parsers.utils import get_YARA_rule
 
 
@@ -12,11 +12,7 @@ def convert_to_MACO(raw_config: dict):
     parsed_result = MACOModel(family="CobaltStrikeBeacon", other=raw_config)
 
     clean_config = {k: v for k, v in raw_config.items() if v != "Not Found"}
-    capabilities = {
-        k[1:]: clean_config.pop(k)
-        for k in list(clean_config.keys())
-        if clean_config[k] in ["True", "False"]
-    }
+    capabilities = {k[1:]: clean_config.pop(k) for k in list(clean_config.keys()) if clean_config[k] in ["True", "False"]}
 
     for capability, enabled in capabilities.items():
         if enabled.lower() == "true":
@@ -27,11 +23,7 @@ def convert_to_MACO(raw_config: dict):
     if "C2Server" in clean_config:
         host, get_path = clean_config.pop("C2Server").split(",")
         port = clean_config.pop("Port")
-        parsed_result.http.append(
-            MACOModel.Http(
-                hostname=host, port=port, method="GET", path=get_path, usage="c2"
-            )
-        )
+        parsed_result.http.append(MACOModel.Http(hostname=host, port=port, method="GET", path=get_path, usage="c2"))
         parsed_result.http.append(
             MACOModel.Http(
                 hostname=host,

modules/parsers/MACO/CobaltStrikeStager.py

@@ -1,7 +1,7 @@
-
+from cape_parsers.CAPE.community.CobaltStrikeStager import extract_config
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.community.CobaltStrikeStager import extract_config
+
 from modules.parsers.utils import get_YARA_rule
 
 

modules/parsers/MACO/DCRat.py

@@ -1,7 +1,7 @@
-
+from cape_parsers.CAPE.community.DCRat import extract_config
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.community.DCRat import extract_config
+
 from modules.parsers.utils import get_YARA_rule
 
 

modules/parsers/MACO/DarkGate.py

@@ -1,8 +1,9 @@
 from copy import deepcopy
 
+from cape_parsers.CAPE.core.DarkGate import extract_config
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.core.DarkGate import extract_config
+
 from modules.parsers.utils import get_YARA_rule
 
 

modules/parsers/MACO/DoppelPaymer.py

@@ -1,6 +1,7 @@
+from cape_parsers.CAPE.core.DoppelPaymer import extract_config, rule_source
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.core.DoppelPaymer import extract_config, rule_source
+
 from modules.parsers.utils import get_YARA_rule
 
 
@@ -14,11 +15,7 @@ def convert_to_MACO(raw_config: dict):
         parsed_result.decoded_strings = raw_config["strings"]
 
     if "RSA public key" in raw_config:
-        parsed_result.encryption.append(
-            MACOModel.Encryption(
-                algorithm="RSA", public_key=raw_config["RSA public key"]
-            )
-        )
+        parsed_result.encryption.append(MACOModel.Encryption(algorithm="RSA", public_key=raw_config["RSA public key"]))
 
     return parsed_result
 

modules/parsers/MACO/DridexLoader.py

@@ -1,6 +1,7 @@
+from cape_parsers.CAPE.core.DridexLoader import extract_config, rule_source
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.core.DridexLoader import extract_config, rule_source
+
 from modules.parsers.utils import get_YARA_rule
 
 
@@ -14,9 +15,7 @@ def convert_to_MACO(raw_config: dict):
         parsed_result.http.append(MACOModel.Http(uri=c2_address, usage="c2"))
 
     if "RC4 key" in raw_config:
-        parsed_result.encryption.append(
-            MACOModel.Encryption(algorithm="RC4", key=raw_config["RC4 key"])
-        )
+        parsed_result.encryption.append(MACOModel.Encryption(algorithm="RC4", key=raw_config["RC4 key"]))
 
     if "Botnet ID" in raw_config:
         parsed_result.identifier.append(raw_config["Botnet ID"])

modules/parsers/MACO/Emotet.py

@@ -1,6 +1,7 @@
+from cape_parsers.CAPE.core.Emotet import extract_config, rule_source
 from maco.extractor import Extractor
 from maco.model import ExtractorModel as MACOModel
-from cape_parsers.CAPE.core.Emotet import extract_config, rule_source
+
 from modules.parsers.utils import get_YARA_rule
 
 
@@ -14,17 +15,9 @@ def convert_to_MACO(raw_config: dict):
         parsed_result.http.append(MACOModel.Http(uri=c2_address, usage="c2"))
 
     if "RC4 public key" in raw_config:
-        parsed_result.encryption.append(
-            MACOModel.Encryption(
-                algorithm="RC4", public_key=raw_config["RSA public key"]
-            )
-        )
-
-    parsed_result.other = {
-        k: raw_config[k]
-        for k in raw_config.keys()
-        if k not in ["address", "RSA public key"]
-    }
+        parsed_result.encryption.append(MACOModel.Encryption(algorithm="RC4", public_key=raw_config["RSA public key"]))
+
+    parsed_result.other = {k: raw_config[k] for k in raw_config.keys() if k not in ["address", "RSA public key"]}
 
     return parsed_result