I previously wrote about integrating with Spender's modified (hardened) fork of Cuckoo (https://github.com/spender-sandbox/cuckoo-modified). You guys amazingly got this to integrate so that it could import directly into threat_note.
Today I received a rather malicious URL phish through Skype - anti-VM, analysis delay, reaching out to Eastern Europe, the works - a real indicator goldmine.
The modified fork allows the analysis of URLs, PCAPs and quarantine files - some of these features are also now in the Cuckoo 2.0 release.
Would it be possible for threat_note to import from the alternate streams in Cuckoo modified? As best as I can tell, it only imports from "jobs", which are uploaded binaries, not from URL analysis or PCAP analysis. There's a lot of data I have to enter manually at the moment, as it won't import because of the type of analysis.
Cheers,
BG