cuckoo-modified icon indicating copy to clipboard operation
cuckoo-modified copied to clipboard
verified publisher icon brad-sp

Option to run dropped files and contacted domains through VirusTotal

Open Fryyyyy opened this issue 10 years ago • 2 comments

The dropped files tab gives the ability to "Search For Analysis". A useful feature would be to have the hash of the dropped files also be queried, and the VT signature indicate if the file dropped files identified by AVs.

A similar feature for URL reputation would also be handy.

Fryyyyy avatar Sep 02 '15 05:09 Fryyyyy

You would almost certainly need a private API account for VT for this to work reliably, with the one built into Cuckoo or even an Intelligence API account, you would very easily hit limits that would then affect the ability to query VT results for main file submission.

That said, I'd be happy to merge a PR for it -- I think upstream Cuckoo may have added support for this already.

brad-sp avatar Sep 02 '15 12:09 brad-sp

Yep, have access to a VT API key

Fryyyyy avatar Sep 02 '15 23:09 Fryyyyy