What is Cuckoo Sandbox?Cuckoo Sandbox is a malware analysis system. What does that mean? It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment.
Why should you use it?Malware is the swiss-army knife of cybercriminals and any other adversary to your corporation or organization.
In these evolving times, detecting and removing malware artifacts is not enough: it's vitally important to understand how they work and what they would do/did on your systems when deployed and understand the context, the motivations and the goals of a breach.
In this way you are able to more effectively understand the incident, respond to it and protect yourself for the future.
There are infinite other contexts where you might need to deploy a sandbox internally, from analyzing an internal breach to proactively scouting wildly distributed threats, collect actionable data and analyzing the ones actively targeting your infrastructure or products.
In any of these cases you'll find Cuckoo to be perfectly suitable, incredibly customizable and well... free!
What does it produce?Cuckoo generates a handful of different raw data which include:
- Native functions and Windows API calls traces
- Copies of files created and deleted from the filesystem
- Dump of the memory of the selected process
- Full memory dump of the analysis machine
- Screenshots of the desktop during the execution of the malware analysis
- Network dump generated by the machine used for the analysis
- JSON report
- HTML report
- MAEC report
- MongoDB interface
- HPFeeds interface
Download ::Alternative Downloads ::
git clone git://github.com/cuckoobox/cuckoo.gitIf you want to clone a specific branch ::
git clone -b <branch name> git://github.com/cuckoobox/cuckoo.gitLinux :: Cuckoo Sandbox 0.6
Official Website :: http://www.cuckoosandbox.org/
0 comments :
Post a Comment