VirusTotal / yara

The pattern matching swiss knife
https://virustotal.github.io/yara/
BSD 3-Clause "New" or "Revised" License

Get help with cuckoo module #1978

Open TrungAnhNguyen2k2 opened 10 months ago

TrungAnhNguyen2k2 commented 10 months ago

Describe the bug

I have trouble with the yara-cuckoo module rule.

To Reproduce

Steps to reproduce the behavior: I used the cuckoo module to write this rule to test:

image

And here are the behaviors in the report.json file from cuckoo that I used to write the rule.

image

image

But when I ran the command, nothing happened. (The "2280898cb29faf1785e782596d8029cb471537ec38352e5c17cc263f1f52b8ef" is the malware file that I want to scan.)

image

Please tell me where I went wrong and how to fix it. Hope you guys answer soon. Thank you very much.

plusvic commented 10 months ago

What version of cuckoo are you using? The cuckoo module works with very old versions and hasn't been updated in a long time. If you are using a recent version of cuckoo the JSON format has probably changed.

TrungAnhNguyen2k2 commented 9 months ago

> What version of cuckoo are you using? The cuckoo module works with very old versions and hasn't been updated in a long time. If you are using a recent version of cuckoo the JSON format has probably changed.

Hi, I'm using (https://sandbox.pikker.ee/), so it's 2.0.7.
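One way to test the format mismatch suggested above, as an added example that is not part of the thread or of the YARA project: the script checks whether a report.json holds non-empty lists at the locations the cuckoo module is assumed to read. The key paths in `EXPECTED` are an assumption to verify against `libyara/modules/cuckoo/cuckoo.c` for your YARA version, and the sample report is constructed.

```python
import json
import sys

# Assumption: JSON locations read by each cuckoo module function.
# Verify against libyara/modules/cuckoo/cuckoo.c for the YARA version in use.
EXPECTED = {
    "cuckoo.network.http_request": ("network", "http"),
    "cuckoo.network.dns_lookup": ("network", "dns"),
    "cuckoo.registry.key_access": ("behavior", "summary", "keys"),
    "cuckoo.filesystem.file_access": ("behavior", "summary", "files"),
    "cuckoo.sync.mutex": ("behavior", "summary", "mutexes"),
}

def lookup(report, path):
    """Walk nested dicts along path; return None if any step is missing."""
    node = report
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def check_report(report):
    """Map each module function to True if its input list exists and is non-empty."""
    return {
        func: isinstance(lookup(report, path), list) and len(lookup(report, path)) > 0
        for func, path in EXPECTED.items()
    }

def summary_keys(report):
    """Names actually present under behavior.summary, for comparison."""
    summary = lookup(report, ("behavior", "summary"))
    return sorted(summary) if isinstance(summary, dict) else []

# Constructed sample: network data in the expected place, but summary keys
# under different names (illustrative of a changed report format).
SAMPLE = {
    "network": {"http": [{"uri": "http://example.test/a", "method": "GET"}], "dns": []},
    "behavior": {"summary": {"file_opened": ["C:/tmp/a.bin"], "regkey_read": ["HKLM/Example"], "mutex": ["m1"]}},
}

if __name__ == "__main__":
    report = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for func, usable in check_report(report).items():
        print(f"{func:32} {'data present' if usable else 'NO DATA at expected path'}")
    print("behavior.summary keys found:", summary_keys(report))
```

A function reported as having no data cannot match in a rule condition, so the rule stays silent even though the behavior appears elsewhere in the report.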