Cuckoo Sandbox - Malware Analysis System

Ink

Jan 8, 2011
What is Cuckoo Sandbox? - http://www.cuckoosandbox.org
Cuckoo is an automated malware analysis system: a tool that allows you to understand what a given file does when executed inside an isolated environment. Read the About page for more detail.

Who should use it?
Cuckoo is intended to be used by security researchers, malware researchers and security practitioners that understand the value of having internal malware analytics capabilities in their organizations. Despite the ease of use and customization, Cuckoo requires some basic technical skills, especially when consuming and understanding the results.

Cuckoo Sandbox Book - http://docs.cuckoosandbox.org/en/latest/
Cuckoo Sandbox is open source software for automating analysis of suspicious files. To do so, it makes use of custom components that monitor the behavior of the malicious processes while running in an isolated environment.

This guide will explain how to set up Cuckoo, use it and customize it.
 
Anubis, Camas and ThreatTrack are a few more. I like Anubis the best. The reports are fairly detailed. Cuckoo is pretty good too.
Malwr is also a good online Cuckoo-based site. Excellent resource for malware and how it operates. Very easy to understand reports. https://malwr.com/
 
I've heard about Cuckoo Sandbox from a talk during ESC 2K13 (like OHM, but smaller, and it is in Italy), where one of the creators talked about his "baby". It was interesting.
 
Hey, Malware1, are you one of the devs of Cuckoo Sandbox? Or a person that came to ESC? :)