cuckoosandbox / community

Repository of modules and signatures contributed by the community

Cuckoo as a malware sample repository #437

Closed adimenia closed 5 years ago

adimenia commented 5 years ago

Hello, is there a way to use Cuckoo as a malware repository database without using the sandbox capabilities?

doomedraven commented 5 years ago

Lol, for that you have specific projects, such as thezoo and viper

doomedraven commented 5 years ago

Or the cert.pl project, but I don't remember the name

adimenia commented 5 years ago

Those do not scale well, and do not provide what I'm looking for.

On Sun, Oct 21, 2018, 11:52 doomedraven notifications@github.com wrote:

Lol, for that you have specific projects, such as thezoo and viper


doomedraven commented 5 years ago

If they don't do that, how do you expect cuckoo to store it without analyzing? They will be in pending and you won't get what you need, not even basic info. If they don't scale well, push improvements ;)

adimenia commented 5 years ago

That's why I asked if cuckoo can be used just as a static analysis engine without the sandbox capabilities.

On Sun, 21 Oct 2018 at 11:56, doomedraven notifications@github.com wrote:

If they don't do that, how do you expect cuckoo to store it without analyzing? They will be in pending and you won't get what you need, not even basic info. If they don't scale well, push improvements ;)


doomedraven commented 5 years ago

Well, if you modify all the logic you can do it, but as with any tool you need to modify the core, so personally, if you have coding skills, I would suggest improving viper/thezoo/etc instead of making cuckoo for it :)

jbremer commented 5 years ago

Cuckoo isn't designed to be used as a purely static analysis utility. You'll not find it to be very useful if that's your goal ;-) Closing issue.