Open CapacitorSet opened 7 years ago
Probably the best way to integrate boxjs with cuckoo is to build up a small API service on boxjs that accepts POST of JS samples. Once it is analyzed, boxjs creates a JSON with all the info about the file (URL, payloads, deobfuscated code, etc.) that can be downloaded and parsed on the Cuckoo Result Server. For example, one of the processing modules of cuckoo that we can use as a sample is IRMA (like VirusTotal but on premises, http://irma.quarkslab.com/): https://github.com/cuckoosandbox/cuckoo/blob/06008813e939e29914bb57138032a83d4ccb4d4a/cuckoo/processing/irma.py (Python module). Regards
@Nwinternights, something similar is in the works :) I presented a prototype at ESC2017 in Venice, it mostly works but still requires some refinement. Would you be interested in a beta?
Gladly!! Tomorrow, if you want, I can talk to a couple of colleagues that can help us with Python and cuckoo (we work with both the modified and the official version of cuckoo). Let's keep in touch.
Great! In that case you can write to me on Gmail at capacitorset@gmail.com, or if you want something more direct I can send you my Telegram nick by email. Integrating with Cuckoo should be relatively simple, considering that it exposes a REST API that can be easily automated, so it shouldn't be necessary to bother your colleagues. Rather, I would be interested in your needs as malware researchers, and see if the architecture I had in mind would suit them, so I'd like to discuss that with you.
Great! I'll write you back this week.
Cuckoo exposes a REST API documented here; it would be nice to integrate with it.