box-js
box-js copied to clipboard
CapacitorSet
Add integration with Cuckoo Sandbox
Probably the best way to integrate boxjs with cuckoo is to buid-up a small API service on boxjs that accepts POST of JS samples. Once it is analyzed, boxjs creates a Json with all the infos about the file (URL,Payloads, Deobfuscated code ecc ecc) that can be downloaded and parsed on the Cuckoo Result Server. For example one of a processing module of cuckoo ,that we can use as a sample, is IRMA (like VirusTotal but on premises http://irma.quarkslab.com/ ) https://github.com/cuckoosandbox/cuckoo/blob/06008813e939e29914bb57138032a83d4ccb4d4a/cuckoo/processing/irma.py (python module). Regards
@Nwinternights, something similar is in the works :) I presented a prototype at ESC2017 in Venice, it mostly works but still requires some refinement. Would you be interested in a beta?
volentieri!! Tomorrow if you want I can talk to a couple of collegues that can help us with python and cuckoo(We work with both cuckoo modified and official version). let's keep in touch.
Ottimo! Nel caso mi puoi scrivere su Gmail a [email protected], o se vuoi qualcosa di più diretto posso passarti il nick di Telegram per email. Integrating with Cuckoo should be relatively simple, considering that it exposes a REST API that can be easily automated, so it shouldn't be necessary to bother your colleagues. Rather, I would be interested in your needs as a malware researchers, and see if the architecture I had in mind would suit them, so I'd like to discuss that with you.