cuckoo2mist

MIST level

Open Navein opened this issue 7 years ago • 1 comment

Hi, should all the API functions be at level 2? For example, for these 2 API calls:

<HttpOpenRequestA mist="01">
	<Path type="type_string"/>
	<Flags type="type_integer"/>
	<InternetHandle type="type_hex"/>
</HttpOpenRequestA>

<CreateRemoteThread mist="01">
	<StartRoutine type="type_hex"/>
	<Parameter type="type_hex"/>
	<ProcessHandle type="type_hex"/>
	<CreationFlags type="type_integer"/>
	<ThreadId type="type_integer"/>
</CreateRemoteThread>

<NtWriteVirtualMemory mist="01">
	<Buffer type="type_hex"/>
	<BaseAddress type="type_hex"/>
	<ProcessHandle type="type_hex"/>
</NtWriteVirtualMemory>

Should InternetHandle, ThreadId, and ProcessHandle be at level 2, since the values vary from sample to sample?

Navein, Dec 28 '17 09:12

Since I haven't used the tool in years, I wouldn't be able to make any meaningful comment.

I do not maintain it anymore, but I'd accept pull requests.

trou, Dec 28 '17 09:12