CuckooSandbox

CuckooSandbox_File_Analysis_Inet
Details
Author | Andrea Garavaglia, LDO-CERT
Version | 1.2
License | AGPL-V3
Requires Registration | No
Requires Subscription | No
Free Subscription Available | No
DataType Supported | file
Service Homepage |
Description
Cuckoo Sandbox file analysis with Internet access.
Configuration
Name | Description
url | URL of the Cuckoo Sandbox API server
token | API token used to authenticate to the Cuckoo API
verifyssl | Verify the server's SSL/TLS certificate
cert_path | Path to the CA certificate on the system used to check the server certificate
CuckooSandbox_Url_Analysis
Details
Author | Andrea Garavaglia, LDO-CERT
Version | 1.2
License | AGPL-V3
Requires Registration | No
Requires Subscription | No
Free Subscription Available | No
DataType Supported | url
Service Homepage |
Description
Cuckoo Sandbox URL analysis.
Configuration
Name | Description
url | URL of the Cuckoo Sandbox API server
token | API token used to authenticate to the Cuckoo API
verifyssl | Verify the server's SSL/TLS certificate
cert_path | Path to the CA certificate on the system used to check the server certificate
Additional details from the README file:
CuckooSandbox
Cuckoo Sandbox is an advanced, highly modular, fully open source automated malware analysis system.
It analyzes many different kinds of malicious files (executables, Office documents, PDF files, emails, etc.) as well as malicious websites under Windows, Linux, macOS, and Android virtualized environments.
It traces API calls and the general behavior of the file and distills this into high-level information and signatures comprehensible by anyone.
It dumps and analyzes network traffic, even when encrypted with SSL/TLS, and has native network routing support to drop all traffic or route it through INetSim, a network interface, or a VPN.
It performs advanced memory analysis of the infected virtualized system through Volatility, as well as at process-memory granularity using YARA.
The analyzer comes in two flavours: one analyzes URLs, the other analyzes files with Internet access.
Requirements
You need to have your own Cuckoo Sandbox deployed in your infrastructure. You can download it and follow the installation instructions.
The address of the Cuckoo API server must be set as the url parameter and the corresponding API token as the value of the token parameter.
Depending on your network configuration, set verifyssl and cert_path accordingly: keep verifyssl enabled and point cert_path at your internal CA certificate when Cuckoo is served under a private CA; disabling verifyssl means the analyzer will hand the token and the samples to whatever host answers at that URL.
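The following is an added example (not the analyzer's own code, nor part of the README) showing how the four configuration parameters above turn into a request against a Cuckoo REST API. The endpoints (POST /tasks/create/file for the file flavour, POST /tasks/create/url for the URL flavour) and the "Authorization: Bearer <token>" header are those of the Cuckoo 2.x API server; the host name, port, token, CA path and sample bytes are made up, and the url parameter is assumed to be the API root. Only the standard library is used, so everything except the final network call runs offline.

```python
"""Turn the analyzer's url/token/verifyssl/cert_path settings into a Cuckoo
API request.  Added example; host, token, CA path and sample are constructed."""
import http.client
import json
import ssl
import uuid
from urllib.parse import urlencode, urlsplit


def make_ssl_context(verifyssl, cert_path=None):
    """Map verifyssl/cert_path onto an ssl.SSLContext.

    verifyssl=True,  cert_path=None: verify against the system trust store.
    verifyssl=True,  cert_path set : trust only the CA file at cert_path
                                     (a Cuckoo behind a private CA).
    verifyssl=False                : no certificate or hostname check, so the
                                     token and samples go to whoever answers.
    """
    if not verifyssl:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False          # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    return ssl.create_default_context(cafile=cert_path or None)


def file_task(filename, data, boundary=None):
    """File flavour: multipart body with one 'file' part for /tasks/create/file.
    Returns (path, content_type, body)."""
    boundary = boundary or uuid.uuid4().hex
    head = (f"--{boundary}\r\n"
            f'Content-Disposition: form-data; name="file"; filename="{filename}"\r\n'
            "Content-Type: application/octet-stream\r\n\r\n").encode()
    tail = f"\r\n--{boundary}--\r\n".encode()
    return ("/tasks/create/file",
            f"multipart/form-data; boundary={boundary}", head + data + tail)


def url_task(target):
    """URL flavour: form-encoded 'url' field for /tasks/create/url.
    urlencode escapes the target's own ?&= so it cannot smuggle extra fields."""
    return ("/tasks/create/url", "application/x-www-form-urlencoded",
            urlencode({"url": target}).encode())


def plan_request(api_url, token, task, verifyssl=True):
    """Resolve host, port and headers without sending anything, and collect
    the warnings a reviewer of this configuration would raise."""
    parts = urlsplit(api_url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme in url parameter: {api_url!r}")
    warnings = []
    if parts.scheme == "http":
        warnings.append("url is plain http: the API token travels in clear")
    elif not verifyssl:
        warnings.append("verifyssl is off: the server is not authenticated")
    path, content_type, body = task
    return {"scheme": parts.scheme, "host": parts.hostname,
            "port": parts.port or (443 if parts.scheme == "https" else 80),
            "path": path, "body": body, "warnings": warnings,
            "headers": {"Authorization": f"Bearer {token}",
                        "Content-Type": content_type}}


def submit(api_url, token, task, verifyssl=True, cert_path=None, timeout=30):
    """Send the planned request; return the task id Cuckoo assigns."""
    plan = plan_request(api_url, token, task, verifyssl)
    for w in plan["warnings"]:
        print("warning:", w)
    if plan["scheme"] == "https":
        conn = http.client.HTTPSConnection(
            plan["host"], plan["port"], timeout=timeout,
            context=make_ssl_context(verifyssl, cert_path))
    else:
        conn = http.client.HTTPConnection(plan["host"], plan["port"], timeout=timeout)
    conn.request("POST", plan["path"], body=plan["body"], headers=plan["headers"])
    resp = conn.getresponse()
    raw = resp.read()
    if resp.status != 200:
        raise RuntimeError(f"Cuckoo API returned HTTP {resp.status}: {raw[:200]!r}")
    return json.loads(raw)["task_id"]


if __name__ == "__main__":
    sample = b"MZ\x90\x00" + b"\x00" * 60     # constructed stand-in for a file
    plan = plan_request("https://cuckoo.example.internal:8090", "S3CR3T",
                        file_task("sample.bin", sample))
    print(plan["host"], plan["port"], plan["path"], plan["warnings"])
    # Against a reachable Cuckoo served under an internal CA:
    # submit("https://cuckoo.example.internal:8090", "S3CR3T",
    #        file_task("sample.bin", sample), cert_path="/etc/ssl/certs/internal-ca.pem")
```

The two checks in plan_request are the ones worth running against a real configuration before enabling the analyzer: a plain-http url or verifyssl=false both mean the API token, and every sample Cortex forwards, can be read or captured on the path to the sandbox.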