Cuckoo Sandbox v0.4.2 available (Support for VMware added)


Cuckoo Sandbox is open source software for automating the analysis of suspicious files. To do so it uses custom components that monitor the behavior of the malicious processes while they run in an isolated environment.

Cuckoo generates several kinds of raw data, which include:

  • Native functions and Windows API calls traces
  • Copies of files created and deleted from the filesystem
  • Dump of the memory of the selected process
  • Screenshots of the desktop during the execution of the malware analysis
  • Network dump generated by the machine used for the analysis

In order to make such results more consumable to end users, Cuckoo is able to process them and generate different types of reports, which can include:

  • JSON report
  • HTML report
  • MAEC report
  • MongoDB interface
  • HPFeeds interface
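As an added example of how the JSON report is typically consumed downstream (this script is not part of Cuckoo or of this post), the following Python builds a triage summary from a Cuckoo-style report: API calls per category, Run-key writes, process-injection APIs, dropped-file hashes and contacted hosts. The report layout (`behavior.processes[].calls[]`, `dropped[]`, `network.hosts`) and the sample report embedded below are assumptions constructed for the example, not taken from the release; the indicator rules are likewise illustrative, not Cuckoo's signatures.

```python
"""Triage summary over a Cuckoo-style JSON report (constructed sample)."""
import json
from collections import Counter

# Constructed sample modeled loosely on the shape of a Cuckoo JSON report.
# The exact schema is an assumption made for this example, not taken from
# the announcement; addresses use documentation ranges only.
SAMPLE_REPORT = json.dumps({
    "info": {"id": 1, "package": "exe"},
    "behavior": {
        "processes": [
            {
                "process_name": "sample.exe",
                "process_id": 1234,
                "calls": [
                    {"api": "CreateFileW", "category": "filesystem",
                     "arguments": [{"name": "FileName",
                                    "value": "C:\\Users\\x\\AppData\\Roaming\\svc.exe"}]},
                    {"api": "RegSetValueExA", "category": "registry",
                     "arguments": [{"name": "FullName",
                                    "value": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"}]},
                    {"api": "InternetOpenUrlA", "category": "network",
                     "arguments": [{"name": "URL", "value": "http://198.51.100.23/gate.php"}]},
                    {"api": "WriteProcessMemory", "category": "process", "arguments": []},
                ],
            }
        ]
    },
    "dropped": [{"name": "svc.exe", "sha256": "00" * 32, "size": 1024}],
    "network": {"hosts": ["198.51.100.23"], "dns": [{"request": "example.invalid"}]},
})

# Assumed triage rules: a Run-key write and classic injection APIs are the
# first things an analyst looks for in a behavior trace.
RUN_KEY_MARKER = "\\currentversion\\run"
INJECTION_APIS = {"WriteProcessMemory", "CreateRemoteThread", "NtMapViewOfSection"}


def summarize(report_text):
    """Reduce a JSON report to the handful of fields needed for a first verdict."""
    report = json.loads(report_text)
    by_category = Counter()
    persistence_keys = []
    injection_apis = []
    for proc in report.get("behavior", {}).get("processes", []):
        for call in proc.get("calls", []):
            by_category[call.get("category", "unknown")] += 1
            api = call.get("api", "")
            if api in INJECTION_APIS:
                injection_apis.append(api)
            for arg in call.get("arguments", []):
                value = str(arg.get("value", ""))
                if RUN_KEY_MARKER in value.lower():
                    persistence_keys.append(value)
    return {
        "calls_by_category": dict(by_category),
        "persistence_keys": persistence_keys,
        "injection_apis": injection_apis,
        "dropped_sha256": [d["sha256"] for d in report.get("dropped", []) if "sha256" in d],
        "hosts": list(report.get("network", {}).get("hosts", [])),
    }


def verdict(summary):
    """Score 0-4: one point per distinct indicator class present."""
    return sum(bool(summary[k]) for k in
               ("persistence_keys", "injection_apis", "hosts", "dropped_sha256"))


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(json.dumps(s, indent=2))
    print("score:", verdict(s))
```

The same function works on a report produced by the MongoDB interface once it has been dumped to JSON; only the loader changes, since the summary operates on the parsed dictionary.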

Changelog

* Added support for VMware Workstation
* Added VirtualBox status change monitor and option “timeout” to virtualbox.conf
* Added log file processing size limit and option “analysis_size_limit” to
  cuckoo.conf
* Added directory submission to submit.py utility
* Added community.py utility to sync custom modules from the community repository
* Fixed missing critical_timeout implementation
* Fixed delete_original race condition
* Fixed some bugs in virtual machine management
* Fixed submission with relative path
* Fixed UTF-8 chars handling in analysis.log
* Fixed race conditions in Windows analyzer
* Some minor fixes

NJ Ouchn

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"