Merge pull request #473 from CybercentreCanada/CMD-revamp

Cmd revamp
CybercentreCanada · Oct 18, 2024 · 0aee6ef · 0aee6ef
2 parents dd3b76a + a6156cd
commit 0aee6ef
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -1,7 +1,5 @@
 # CAPEv2 service
 
-**Important**: CAPE Service currently works with version up to 20.05.2024 features and commit [9a543e7]https://github.com/kevoreilly/CAPEv2/commit/9a543e7513c8c1bc62573af041bdc9f87b206f79"
-
 This repository is an Assemblyline service that submits a file to a CAPEv2 deployment, waits for the submission to
 complete, and then parses the report returned.
 

diff --git a/cape/cape_main.py b/cape/cape_main.py
@@ -401,6 +401,7 @@ def _load_rules(self):
         # Generate root directory for yara rules.
         if self.rules_directory is None:
             return
+
         yara_root = os.path.join(self.rules_directory, "cape")
         errors = {}
 

diff --git a/cape/signatures.py b/cape/signatures.py
@@ -221,6 +221,7 @@
     "disables_winfirewall": "Generic",
     "dll_load_uncommon_file_types": "Anti-debug",
     "document_script_exe_drop": "Dropper",
+    "domain_enumeration_commands": "Discovery",
     "doppelganging": "Injection",  # CAPE
     "dotnet_clr_usagelog_regkeys": "Evasion",
     "dotnet_code_compile": "Evasion",
@@ -660,6 +661,7 @@
     "suricata_alert": "Network",
     "suspicious_certutil_use": "Command",
     "suspicious_command_tools": "Command",
+    "suspicious_html_title": "Phishing",
     "suspicious_ioctl_scsipassthough": "Bootkit",
     "suspicious_js_script": "Downloader",
     "suspicious_mpcmdrun_use": "Command",

diff --git a/service_manifest.yml b/service_manifest.yml
@@ -649,6 +649,8 @@ docker_config:
 dependencies:
   updates:
     container:
+      cpu_cores: 2.0
+      ram_mb: 4096
       allow_internet_access: true
       command: ["python", "-m", "cape.update_server"]
       image: ${REGISTRY}cccs/assemblyline-service-cape:$SERVICE_TAG