https://github.com/spender-sandbox/cuckoo-modified

Modified edition of cuckoo
https://github.com/spender-sandbox/cuckoo-modified

Last synced: about 2 months ago
JSON representation

Modified edition of cuckoo

• Host: GitHub
• URL: https://github.com/spender-sandbox/cuckoo-modified
• Owner: spender-sandbox
• Created: 2015-11-30T13:55:54.000Z (over 8 years ago)
• Default Branch: master
• Last Pushed: 2017-11-21T14:35:34.000Z (over 6 years ago)
• Last Synced: 2024-02-04T21:58:35.662Z (5 months ago)
• Language: Python
• Size: 38.1 MB
• Stars: 385
• Watchers: 72
• Forks: 185
• Open Issues: 172
• Metadata Files:
  • Readme: README.md

Lists

• Python-Security-Tool-Database - Cuckoo Modified(+Sandbox) - This is deprecated, but the one I'm familiar with. Never used the new one, but it's [here](http://www.cuckoosandbox.org/). This is a really excellent automated malware analyzer, highly recommend. (Synopsis / Table of Contents)
• awesome-incident-response - Cuckoo-modified - Heavily modified Cuckoo fork developed by community. (IR Tools Collection / Sandboxing/Reversing Tools)
• awesome-incident-response - Cuckoo-modified - Heavily modified Cuckoo fork developed by community. (IR Tools Collection / Sandboxing/Reversing Tools)
• awesome-incident-response - Cuckoo-modified - Heavily modified Cuckoo fork developed by community (IR tools Collection / Sandboxing/reversing tools)
• awesome-incident-response - Cuckoo-modified - Heavily modified Cuckoo fork developed by community. (IR tools Collection / Sandboxing/reversing tools)
• awesome-incident-response - Cuckoo-modified - Heavily modified Cuckoo fork developed by community (IR tools Collection / Sandboxing/reversing tools)
• awesome-computer-science - code - [cuckoo-modified](https://github.com/spender-sandbox/cuckoo-modified) - Modified edition of cuckoo. (Hack Program)
• awesome-incident-response - Cuckoo-modified - Heavily modified Cuckoo fork developed by community. (IR tools Collection / Sandboxing/reversing tools)
• awesome-incident-response - Cuckoo-modified - Heavily modified Cuckoo fork developed by community. (IR Tools Collection / Sandboxing/Reversing Tools)
• fucking-awesome-incident-response - Cuckoo-modified - Heavily modified Cuckoo fork developed by community. (IR Tools Collection / Sandboxing/Reversing Tools)

README

        
As of 4/26/2017 I'm handing this repo off to others to fork and continue if they wish.  Thanks to doomedraven, KillerInstinct, kevross33, SeanKim77, jgajek, keithjjones, pashashocky, Shane-Carr, seanthegeek, garanews, and all the other contributors I forgot to mention.

This fork aims to continue the work of the heavily modified version of [Cuckoo Sandbox](http://www.cuckoosandbox.org) provided under the GPL by Optiv, Inc.

It offers a number of advantages over the upstream Cuckoo:

+ Fully-normalized file and registry names

+ 64-bit analysis

+ Handling of WoW64 filesystem redirection

+ Many additional API hooks

+ Service monitoring

+ Correlates API calls to malware call chains

+ Ability to follow APC injection and stealth explorer injection

+ Pretty-printed API flags

+ Per-analysis Tor support

+ Over 150 new signature modules (over 75 developed solely by Optiv)

+ Anti-anti-sandbox and anti-anti-VM techniques built-in

+ More stable hooking

+ Ability to restore removed hooks

+ Greatly improved behavioral analysis and signature module API

+ Ability to post comments about analyses

+ Deep hooks in IE's JavaScript and DOM engines usable for Exploit Kit identification

+ Automatic extraction and submission of interesting files from ZIPs, RARs, RFC 2822 emails (.eml), and Outlook .msg files

+ Direct submission of AV quarantine files (Forefront, McAfee, Trend Micro, Kaspersky, MalwareBytes, MSE/SCEP, and SEP12 formats currently supported)

+ Automatic malware classification by [Malheur](http://mlsec.org/malheur/)

+ Significant contributions from [Jeremy Hedges](https://github.com/killerinstinct/), [William Metcalf](https://github.com/wmetcalf), and Kevin Ross

+ Hundreds of other bugfixes

For more information on the initial set of changes, see:

https://www.optiv.com/blog/improving-reliability-of-sandbox-results

If you want to contribute to development, feel free to submit a pull request.