[issue resolved] Trickbot config dumped on CAPEv2 host: python3.6.9, guest: python3.7.2 #85
Hi
I rewrote the CAPE parser specification to extract the Trickbot config from the process dump memory so that it runs in the CAPEv2 Python environment (e.g. host: python3.6.9, guest: python3.7.2).
Malware config dumping from "procdump_path" was enabled in this commit from today:
75b987a
CAPE.py
#else: else: # We set append_file to False as we don't wan't to include # the files by default in the CAPE tab #self.process_file(file_path, CAPE_output, False) self.process_file(file_path, CAPE_output, False)
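Review bot: the comment kept above the now-active `self.process_file(file_path, CAPE_output, False)` call only explains why append_file is False and still carries the typo "wan't". Since the `else:` branch goes from commented-out to live here, fix the typo to "want" and extend the comment with one line saying why this branch is enabled, so the next reader does not have to go to the commit history to find out.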
Thus my code just adjusts this for my purpose in the python3 environment.
Best Regards,
Tatsuya