doomedraven
sorry, I was reading diagonally and saw vbox. no idea about vmware as I don't use it, but to hide that in KVM I needed to patch the source code `strs[2]...
see this https://github.com/spender-sandbox/cuckoo-modified/blob/bc3f63e5e1407337bd5a0da7e3431847ccbb9325/modules/reporting/retention.py
check this one https://github.com/doomedraven/cuckoo-modified/blob/master/utils/remove_older.py your misp improvements are also merged there
80, 443; the rest depends on the malware
You should tweak pcap processing for that, but pcaps have everything
ROFL, it all depends on the malware which you analyze: if the malware is just a downloader, you will lose the payload; if the malware checks for an internet connection before detonating, you will...
what you need is to learn what malware is and how different malware families/types work, to better understand what you really need and what you will lose without internet. you can...
read the code to see how yara rules are loaded, there is your answer
that means that you took the snapshot in the wrong state
you have binary and memory yara rules, depending on where you place it, and if that is a memory one, you should have process memory activated, or just re-execute processing in debug...