Cuckoo Sandbox

[Image: Cuckoo+IV.png]

Cuckoo generates several kinds of raw data, including:

  • Traces of native functions and Windows API calls
  • Copies of files created and deleted on the file system
  • Memory dump of the selected process
  • Full memory dump of the analysis machine
  • Desktop screenshots taken during execution of the malware analysis
  • Network dump generated by the machine used for analysis

To make these results easier for end users to consume, Cuckoo can process them and generate different types of reports, which could include:

  • JSON report
  • HTML report
  • MAEC report
  • MongoDB interface
  • HPFeeds interface

Even more interesting, thanks to Cuckoo's extensive modular structure, you can customize both the processing and reporting stages. Cuckoo provides everything you need to easily integrate the sandbox into your existing frameworks and storage, with the data you want, in the way you want, in the format you want.
Changelog v1.1
  • Added Imphash to PE static analysis
  • Added search for URLs in the web interface
  • Added search for PE Imphash in the web interface
  • Added the option in the web interface to queue to all machines
  • Added filtering by category for behavior in the Django web interface
  • Added registry analyzer to the Django web interface
  • Added REST API to retrieve images associated with a task
  • Added REST API to retrieve the PCAP associated with a task
  • Added database migration utility
  • Added remote submission to the submit.py utility
  • Added small stats utility (utils/stats.py)
  • Added PowerShell script analysis package
  • Added overlay configuration for signatures (data/signatures_overlay.json)
  • Fixed bug in MAEC report
  • Fixed package selection for Office documents and CPL scripts
  • Fixed problem with tcpdump filters
  • Fixed unhandled exception when loading files to scan engines
  • Fixed problems in CuckooMon that resulted in Internet Explorer crashes
  • Fixed bug in CuckooMon that caused mutexes to be resolved as file paths
  • Fixed a bug in the behavior processing module which resulted in a backslash in the summary registry keys