cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Add IOC extractor #745

Closed. seifreed closed this issue 7 years ago.

seifreed commented 8 years ago

Hi,

Please add this plugin; it is working perfectly with the new version:

https://github.com/FafnerKeyZee/cuckoo-ioc

Regards

botherder commented 8 years ago

We don't incorporate others' code without consent and proper handling. If @FafnerKeyZee wishes to have it upstream, he should open a pull request and follow the procedure.

seifreed commented 8 years ago

Ok Claudio ^^

I will discuss it with him!

regards

Marc Rivero López | @seifreed | www.ecrime.info http://www.ecrime.info/


jbremer commented 8 years ago

Well, @FafnerKeyZee contacted me to see whether we'd be interested in incorporating this, so I guess it's fine.

That aside, I think an IOC module would make sense: a stripped-down JSON report containing solely cyber information, without all the extras. However, there's still plenty of work to be done here. E.g., for a stripped-down report, there seems to be quite a lot of whois-related information in the report. (Here I could also point out that, instead of obtaining such information in the IOC report, we should add whois support to Cuckoo in the first place. I know @KillerInstinct already did something along those lines, but we have yet to merge that, I guess.)

So, as-is, this is not ready to be merged, in my opinion. We could work on improving this situation, though.

seifreed commented 8 years ago

Hi Jurriaan,

Awesome!

I hope to see this added in next release or minor candidate ^^

Amazing job guys!

Regards,

Marc Rivero López | @seifreed | www.ecrime.info http://www.ecrime.info/


FafnerKeyZee commented 8 years ago

Hey,

I spoke with jbremer about my "add-on"; some parts will be rewritten for better integration into Cuckoo.

FafnerKeyZee commented 8 years ago

Ok, I did an update of my code. For signatures, we actually have all these categories: android, anti-av, anti-debug, anti-emulation, anti-sandbox, antivirus, anti-vm, apt, APT, athena, avdetect, backdoor, banker, banking, Banking, betabot, bind, bitcoin, blackpos, bot, browser, bypass, C24 Stealer, cloud, Cloudflare, ddos, dns, downloader, dyndns, execution, expdom, exploit, filesharing, filetransfer, fraud, fraudtool, freehosting, generic, hacktool, hooking, http, icmp, im, infostealer, injection, irc, isrstealer, istealer, jackpos, keylogger, locker, madness, mining, network, origin, packer, persistence, ponybot, pos, ransom, ransomware, rat, recon, rootkit, service, sharpstealer, smtp, sniffer, solarbot, spreading, ssh, targeted, tldwatch, tool, trojan, trojandl, unpacking, urlshort, vertex, vir, virus, warbot, work, worm. But I'm not sure we need them all in the report; which do you think we should keep?

jbremer commented 8 years ago

Sorry for the delay in answering. Agreed, @FafnerKeyZee. The signatures could use some love, and being more strict about the categories would be a very good first step in that direction. Did you do any work in this direction in the past few months?

jbremer commented 7 years ago

Given that cuckoo-ioc hasn't been updated in over a year, I'm going to close this issue. Something like it would certainly be useful, but as per our conversation above, it should start with cleaning up some of the Cuckoo signatures to be more accurate and properly grouped. Only then should we move forward in this direction (imo). Feel free to reopen if you have suggestions and/or further feedback.
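What the "stripped-down JSON report containing solely cyber information" from jbremer's comment, combined with the category clean-up he and FafnerKeyZee discuss, could look like in practice, as an added Python example that is not code from cuckoo or cuckoo-ioc: it reads a constructed, report.json-style dict, keeps sample and dropped-file hashes, contacted domains, IPs and URLs, drops addresses in the sandbox's own network ranges, leaves out enrichment such as whois entirely, and keeps only signatures whose category (normalized for case, so "APT"/"apt" and "Banking"/"banking" collapse) is on an allowlist. The field names, the allowlist and the sandbox ranges are assumptions for this example; check them against the Cuckoo version you run.

```python
"""Stripped-down IOC extraction from a Cuckoo-style report.json.

Added example, not code from cuckoo or cuckoo-ioc. The report layout below is a
constructed approximation of report.json; verify field names against the
Cuckoo version in use before relying on this.
"""
import ipaddress
import json

# Case-insensitive allowlist of signature categories worth surfacing in an IOC
# report. Illustrative choice for this example, not a list Cuckoo defines.
KEEP_CATEGORIES = {
    "anti-av", "anti-debug", "anti-sandbox", "anti-vm", "apt", "backdoor",
    "banker", "banking", "bot", "ddos", "downloader", "exploit", "infostealer",
    "injection", "keylogger", "persistence", "ransomware", "rat", "rootkit",
    "trojan", "worm",
}

# Assumed analysis-VM / host-only ranges: they appear under network.hosts but
# are sandbox infrastructure, not indicators.
SANDBOX_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

HASH_KEYS = ("md5", "sha1", "sha256")

# Constructed sample report: hashes, hosts and signature names are made up.
SAMPLE_REPORT = {
    "info": {"id": 42},
    "target": {"category": "file", "file": {
        "name": "invoice.exe",
        "md5": "0123456789ABCDEF0123456789ABCDEF",
        "sha256": "aa" * 32,
    }},
    "network": {
        "hosts": ["198.51.100.23", "192.168.56.1", "10.0.2.2"],
        "domains": [
            {"domain": "c2.example.net", "ip": "198.51.100.23"},
            {"domain": "update.example.org", "ip": "203.0.113.9"},
        ],
        "dns": [{"request": "c2.example.net", "type": "A"}],
        "http": [{"method": "POST", "uri": "http://c2.example.net/gate.php"}],
    },
    "dropped": [
        {"name": "svchost.exe", "md5": "f" * 32, "sha256": "bb" * 32},
        {"name": "readme.txt"},  # no hashes recorded: must not yield an empty entry
    ],
    "signatures": [
        {"name": "autorun_persistence", "severity": 3, "categories": ["Persistence"]},
        {"name": "disk_size_check", "severity": 2, "categories": ["anti-vm"]},
        {"name": "http_request", "severity": 1, "categories": ["http"]},
        {"name": "known_apt_mutex", "severity": 3, "categories": ["APT", "Banking", "apt"]},
    ],
}


def normalize_category(cat):
    """Collapse case variants such as 'APT'/'apt' and 'Banking'/'banking'."""
    return cat.strip().lower()


def is_sandbox_internal(addr):
    """True for addresses in the sandbox's own ranges, or unparseable strings."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True
    return any(ip in net for net in SANDBOX_NETS)


def file_hashes(entry):
    """Keep only the hash fields of a file/dropped entry, lower-cased."""
    return {k: entry[k].lower() for k in HASH_KEYS if entry.get(k)}


def filter_signatures(signatures):
    """Keep signatures with at least one allowlisted (normalized) category."""
    kept = []
    for sig in signatures:
        cats = sorted({normalize_category(c) for c in sig.get("categories", [])})
        cats = [c for c in cats if c in KEEP_CATEGORIES]
        if cats:
            kept.append({"name": sig["name"], "severity": sig.get("severity", 0),
                         "categories": cats})
    return kept


def extract_iocs(report):
    """Build the stripped-down IOC view: hashes, network indicators, signatures.

    Enrichment such as whois is deliberately not copied over."""
    net = report.get("network", {})
    domains = {d["domain"] for d in net.get("domains", []) if d.get("domain")}
    domains |= {q["request"] for q in net.get("dns", []) if q.get("request")}
    ips = set(net.get("hosts", []))
    ips |= {d["ip"] for d in net.get("domains", []) if d.get("ip")}
    ips = {ip for ip in ips if not is_sandbox_internal(ip)}
    urls = {r["uri"] for r in net.get("http", []) if r.get("uri")}
    dropped = [h for h in (file_hashes(d) for d in report.get("dropped", [])) if h]
    return {
        "task_id": report.get("info", {}).get("id"),
        "sample": file_hashes(report.get("target", {}).get("file", {})),
        "dropped": dropped,
        "network": {"domains": sorted(domains), "ips": sorted(ips), "urls": sorted(urls)},
        "signatures": filter_signatures(report.get("signatures", [])),
    }


def to_json(report):
    return json.dumps(extract_iocs(report), indent=2, sort_keys=True)


if __name__ == "__main__":
    print(to_json(SAMPLE_REPORT))
```

Run it to see the JSON for the constructed sample; in a real deployment the same `extract_iocs` would be called from a reporting module with the finished results dict. The allowlist is where the category clean-up discussed above pays off: with one canonical, lower-case name per category, the filter is a set lookup rather than a growing list of spelling variants.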