From e40eaf5aeec59bf5e3eadcfc59943edcf2e94968 Mon Sep 17 00:00:00 2001
From: doomedraven
Date: Fri, 19 Dec 2025 09:23:20 +0000
Subject: [PATCH 1/2] Skip uploading non-existent local files
Add check for existing local files before upload.
---
 modules/reporting/gcs.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/modules/reporting/gcs.py b/modules/reporting/gcs.py
index 6ff3c5f6577..80a93e95ba8 100644
--- a/modules/reporting/gcs.py
+++ b/modules/reporting/gcs.py
@@ -120,6 +120,8 @@ def _iter_files_to_upload(self, source_directory, exclude_dirs, exclude_files):
 continue
 local_path = os.path.join(root, filename)
+ if not os.path.exists(local_path):
+ continue
 relative_path = os.path.relpath(local_path, source_directory)
 yield local_path, relative_path
@@ -130,7 +132,6 @@ def upload_zip_archive(self, bucket, analysis_id, source_directory, exclude_dirs
 zip_name = "%s_tlp_%s.zip" % analysis_id, tlp
 else:
 zip_name = "%s.zip" % analysis_id
-
 blob_name = zip_name
 with tempfile.NamedTemporaryFile(delete=False, suffix=".zip") as tmp_zip_file:
@@ -138,7 +139,6 @@ def upload_zip_archive(self, bucket, analysis_id, source_directory, exclude_dirs
 with zipfile.ZipFile(tmp_zip_file, "w", zipfile.ZIP_DEFLATED) as archive:
 for local_path, relative_path in self._iter_files_to_upload(source_directory, exclude_dirs, exclude_files):
 archive.write(local_path, relative_path)
-
 try:
 log.debug("Uploading '%s' to '%s'", tmp_zip_file_name, blob_name)
 blob = bucket.blob(blob_name)
@@ -153,7 +153,6 @@ def upload_files_individually(self, bucket, analysis_id, source_directory, exclu
 folder_name = analysis_id
 if tlp:
 folder_name = "%s_tlp_%s" % analysis_id, tlp
-
 for local_path, relative_path in self._iter_files_to_upload(source_directory, exclude_dirs, exclude_files):
 blob_name = f"{folder_name}/{relative_path}"
 log.debug("Uploading '%s' to '%s'", local_path, blob_name)
From ddd6722c656a7243ad6d4a7e4635eb04fd30ea31 Mon Sep 17 00:00:00 2001
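Review bot: The new `os.path.exists(local_path)` guard in `_iter_files_to_upload` drops a file silently and only narrows the window, because `exists` is a snapshot that follows symlinks and returns True for any existing entry, and the file can still vanish before the later `archive.write` or `bucket.blob(...)` upload in the consumers, which will then raise. I would restrict the guard to regular files and record the skip, since a quietly missing file in an evidence upload is hard to diagnose later: `if not os.path.isfile(local_path):` / `log.warning("Skipping missing or non-regular file: %s", local_path)` / `continue`, and additionally catch `FileNotFoundError` around the write/upload in `upload_zip_archive` and `upload_files_individually` rather than relying on this check alone. The directory-walk loop that yields `root` and `filename` begins above this hunk, so the generator's full shape is not visible here. Separately, the context lines of the later hunks show `zip_name = "%s_tlp_%s.zip" % analysis_id, tlp` and `folder_name = "%s_tlp_%s" % analysis_id, tlp`; as printed, `%` binds to `analysis_id` alone, so the `tlp` branch raises `TypeError: not enough arguments for format string` and the right-hand side should be the tuple `(analysis_id, tlp)`.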
From: Kevin O'Reilly
Date: Fri, 19 Dec 2025 12:22:01 +0000
Subject: [PATCH 2/2] Rhadamanthys: restore anti-FP measure for full process dumps (monitor yara detection)
---
 data/yara/CAPE/Rhadamanthys.yar | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/data/yara/CAPE/Rhadamanthys.yar b/data/yara/CAPE/Rhadamanthys.yar
index f7166940f8b..15f6e203631 100644
--- a/data/yara/CAPE/Rhadamanthys.yar
+++ b/data/yara/CAPE/Rhadamanthys.yar
@@ -13,8 +13,9 @@ rule Rhadamanthys
 $anti = {50 68 [4] 68 [4] E8 [4] 83 C4 0C A3 [4] 85 C0 74}
 $dnr = {99 52 50 8D 45 ?? 99 52 50 8B C7 99 52 50 8B C3 99 52 50}
 $sys = {83 E4 F0 6A 33 E8 00 00 00 00 83 04 24 05 CB}
+ $cape_string = "cape_options"
 condition:
- 2 of them
+ 2 of them and not $cape_string
 }
 rule RhadamanthysLoader
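Review bot: The new `not $cape_string` clause makes any buffer containing the plain ASCII literal `cape_options` a guaranteed non-match, so a Rhadamanthys sample that embeds that well-known CAPE artifact evades this rule outright; that is presumably the accepted cost of suppressing hits on full process dumps that carry the injected monitor (the commit title says "monitor yara detection"), but nothing in the rule records that trade-off. I would annotate the string so the next maintainer does not remove it as dead weight, e.g. `$cape_string = "cape_options" // present in the CAPE monitor; excludes full process dumps carrying the injected monitor (anti-FP)`. I would also write the condition as `not $cape_string and 2 of ($anti, $dnr, $sys)`, because after this change `them` includes `$cape_string` and `2 of them` counts the exclusion string, which is harmless only because the `and not` follows it. The rule header and its meta block sit above this hunk.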