certsocietegenerale / fame

FAME Automates Malware Evaluation
https://certsocietegenerale.github.io/fame/
GNU General Public License v3.0

how to connect modules with fame #48

Closed agusdwimuladi closed 6 years ago

agusdwimuladi commented 6 years ago

Description

How to connect modules like apk verification, cuckoo, cuckoo modified, joe, and office_macros with fame? Thanks.

Steps to Reproduce

.

Expected behavior

Fame can use available modules like apk verification, cuckoo, cuckoo modified, joe, office_macros and others.

Actual behavior

Fame cannot use the available modules like apk verification, cuckoo, cuckoo modified, joe, office_macros and others.

Debug

root@bismillah-VirtualBox:~/fame# utils/run.sh utils/troubleshoot.py
[+] Using existing virtualenv.

########## VERSION ##########

OS: Linux-4.10.0-28-generic-x86_64-with-Ubuntu-16.04-xenial
Python: 2.7.12

########## DEPENDENCIES ###########

alabaster==0.7.10 amqp==2.3.1 Babel==2.6.0 billiard==3.5.0.3 celery==4.1.1 certifi==2018.4.16 chardet==3.0.4 click==6.7 docutils==0.14 Flask==1.0.2 Flask-Classy==0.6.10 Flask-Login==0.3.2 Flask-Negotiation==0.1.9 flask-paginate==0.5.1 gitdb2==2.0.3 GitPython==2.1.10 idna==2.6 imagesize==1.0.0 itsdangerous==0.24 Jinja2==2.10 kombu==4.2.0 LEPL==5.1.3 markdown2==2.3.5 MarkupSafe==1.0 packaging==17.1 Pygments==2.2.0 pymongo==3.6.1 pyparsing==2.2.0 python-magic==0.4.15 pytz==2018.4 requests==2.18.4 rfc6266==0.0.4 six==1.11.0 smmap2==2.0.3 snowballstemmer==1.2.1 Sphinx==1.7.5 sphinx-rtd-theme==0.3.1 sphinxcontrib-httpdomain==1.6.1 sphinxcontrib-websupport==1.0.1 typing==3.6.4 urllib3==1.22 vine==1.1.4 Werkzeug==0.14.1 zxcvbn==1.0
You are using pip version 10.0.1, however version 18.0 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

########## MongoDB ##########

Version: 3.6.4
Authorization check: True

########## Configuration ##########

types: True
virustotal: True
email: False
malware_config: False
volatility: True

Modules:

McAfee Antivirus Disabled Configured
Sophos Antivirus Disabled Configured
Symantec Antivirus Disabled Not Configured
apk Processing Enabled Configured
apk_verification Processing Disabled Not Configured
bamfdetect Processing Enabled Configured
cuckoo Processing Enabled Configured
cuckoo_modified Processing Enabled Configured
cutthecrap Processing Disabled Not Configured
eml Processing Enabled Configured
joe Processing Disabled Not Configured
marcher_config Processing Disabled Configured
mem_yara Processing Disabled Not Configured
office_macros Processing Enabled Configured
pdf Processing Enabled Configured
rat_decoders Processing Enabled Configured
url_download Processing Enabled Configured
zip Processing Enabled Configured
slack Reporting Disabled Not Configured
Yeti Threat Intelligence Disabled Not Configured
kvm Virtualization Disabled Configured
virtualbox Virtualization Disabled Configured
root@bismillah-VirtualBox:~/fame#


udgover commented 6 years ago

Hello,

Based on your troubleshoot, joe and apk verification are not enabled. For cuckoo and cuckoo modified, they are enabled and configured, so you should have running cuckoo instances.

Concerning office_macros, it's also enabled and should work. Have you tried on an office document containing macros?
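
The answer above reads the module table of the troubleshoot output by hand: a module is only usable when its status reads both "Enabled" and "Configured". As an added example (not code from FAME or from anyone in this thread), the following script parses that table format and lists every module that will not run and why. It assumes nothing about FAME's internals, only the line format visible in the quoted output, and the sample text it works on is a constructed excerpt of that output.

```python
"""Parse the "Modules:" table printed by utils/troubleshoot.py and
report which modules are not usable (disabled and/or not configured).

Added illustration for this thread; not part of the FAME project.
Assumed line format (taken from the output quoted in the issue):
    <name> <type words...> <Enabled|Disabled> <Configured|Not Configured>
"""
import re
from typing import Dict, List, NamedTuple

# Constructed sample: a subset of the module lines from the issue,
# one module per line (the original dump ran several lines together).
SAMPLE_OUTPUT = """\
Modules:

McAfee Antivirus Disabled Configured
apk Processing Enabled Configured
apk_verification Processing Disabled Not Configured
cuckoo Processing Enabled Configured
joe Processing Disabled Not Configured
office_macros Processing Enabled Configured
Yeti Threat Intelligence Disabled Not Configured
virtualbox Virtualization Disabled Configured
"""

# The module type may contain spaces ("Threat Intelligence"), so the
# status words are matched from the right and the type is what remains.
LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<type>.+?)\s+(?P<enabled>Enabled|Disabled)\s+"
    r"(?P<configured>Configured|Not Configured)$"
)


class ModuleStatus(NamedTuple):
    name: str
    type: str
    enabled: bool
    configured: bool


def parse_modules(text: str) -> List[ModuleStatus]:
    """Extract one ModuleStatus per module line; other lines are skipped."""
    modules = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # "Modules:" header, blank line, or unrelated output
        modules.append(ModuleStatus(
            m["name"],
            m["type"],
            m["enabled"] == "Enabled",
            m["configured"] == "Configured",
        ))
    return modules


def explain_unusable(modules: List[ModuleStatus]) -> Dict[str, str]:
    """Return {module name: reason} for every module that will not run."""
    reasons = {}
    for mod in modules:
        problems = []
        if not mod.enabled:
            problems.append("disabled")
        if not mod.configured:
            problems.append("not configured")
        if problems:
            reasons[mod.name] = ", ".join(problems)
    return reasons


if __name__ == "__main__":
    for name, why in sorted(explain_unusable(parse_modules(SAMPLE_OUTPUT)).items()):
        print(f"{name}: {why}")
```

Run against the sample, it flags apk_verification and joe as disabled and not configured (matching the reply above), McAfee and virtualbox as merely disabled, and says nothing about cuckoo or office_macros, which are ready to run. Paste the real troubleshoot output into SAMPLE_OUTPUT, or read it from stdin, to check a live instance.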

agusdwimuladi commented 6 years ago

Before I say thank you for your response: where can an office document containing macros be accessed? And may I ask for your email address? Thank you.

Heat-Miser commented 6 years ago

Hello,

We won't provide samples. You'll find them in the wild.