Closed seifreed closed 7 years ago
We don't incorporate others' code without consent and proper handling. If @FafnerKeyZee wishes to have it upstream, he should open a pull request and follow the procedure.
Ok Claudio ^^
I will comment with him!
Marc Rivero López | @seifreed | http://www.ecrime.info/
On 2 Feb 2016, at 16:01, Nex notifications@github.com wrote:
Well, @FafnerKeyZee contacted me to see whether we'd be interested to incorporate this, so I guess it's fine.
That aside. I think an IOC module would make sense; a stripped down JSON report containing solely cyber information without all the extras. However, there's still plenty of work to be done here. E.g., for a stripped down report, there seems to be quite a lot of whois-related information in the report.
(Here I could also point out that instead of obtaining such information in the IOC report we should also add whois support to Cuckoo in the first place - I know @KillerInstinct already did something along those lines but we have yet to merge that, I guess).
So.. as-is this is not ready to be merged, in my opinion. We could work on improving this situation though.
Hi Jurriaan,
Awesome!
I hope to see this added in next release or minor candidate ^^
Amazing job guys!
Marc Rivero López | @seifreed | http://www.ecrime.info/
On 7 Feb 2016, at 4:33, Jurriaan Bremer notifications@github.com wrote:
Hey,
I spoke with Jbremer about my "add-on"; some parts will be rewritten for better integration into cuckoo.
Ok, I did an update of my code. For signatures we actually have all those categories: android, anti-av, anti-debug, anti-emulation, anti-sandbox, antivirus, anti-vm, apt, APT, athena, avdetect, backdoor, banker, banking, Banking, betabot, bind, bitcoin, blackpos, bot, browser, bypass, C24 Stealer, cloud, Cloudflare, ddos, dns, downloader, dyndns, execution, expdom, exploit, filesharing, filetransfer, fraud, fraudtool, freehosting, generic, hacktool, hooking, http, icmp, im, infostealer, injection, irc, isrstealer, istealer, jackpos, keylogger, locker, madness, mining, network, origin, packer, persistence, ponybot, pos, ransom, ransomware, rat, recon, rootkit, service, sharpstealer, smtp, sniffer, solarbot, spreading, ssh, targeted, tldwatch, tool, trojan, trojandl, unpacking, urlshort, vertex, vir, virus, warbot, work, worm. But I'm not sure we need them all in the report; which do you think we need to keep...
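To make the "stripped down JSON report" idea from Jurriaan's comment and the category question above concrete, here is an added example (not code from cuckoo-ioc, Cuckoo, or any of the commenters) that reduces a Cuckoo-style results dict to an IOC-only view: it keeps hosts, domains, URLs, dropped-file hashes and a category-filtered signature list, drops whois-style enrichment fields, and normalises category case so that duplicates like apt/APT and banking/Banking collapse into one. The key names (`network`, `dropped`, `signatures` and their sub-fields) and the `DEFAULT_KEEP` set are assumptions modelled on the thread, not a documented Cuckoo schema; the sample results dict is constructed.

```python
"""Build an IOC-only report from a Cuckoo-style results dict.

Added example; not part of cuckoo-ioc or Cuckoo. The shape of ``results``
(the ``network``, ``dropped`` and ``signatures`` keys and their fields) is
an assumption modelled on Cuckoo's JSON report; adjust to your version.
"""
import json

# Assumption: signature categories a defender wants in an IOC-only report.
# Compared case-insensitively so "Banking" and "banking" are one category.
DEFAULT_KEEP = frozenset({
    "backdoor", "banker", "banking", "bot", "ddos", "downloader",
    "infostealer", "keylogger", "ransomware", "rat", "rootkit",
    "trojan", "worm",
})

# Assumption: per-domain fields that are enrichment (whois lookups and the
# like) rather than indicators, and so are dropped from the IOC view.
ENRICHMENT_KEYS = ("whois", "registrar", "creation_date", "asn", "country")


def _strip_enrichment(record):
    """Drop enrichment fields, keeping only the indicator itself."""
    return {k: v for k, v in record.items() if k not in ENRICHMENT_KEYS}


def build_ioc_report(results, keep_categories=DEFAULT_KEEP):
    """Return only the indicator-bearing parts of a results dict."""
    network = results.get("network", {})
    keep = {c.lower() for c in keep_categories}

    # Hosts may be plain IP strings (older layout) or dicts with an "ip" key.
    hosts = {h["ip"] if isinstance(h, dict) else h
             for h in network.get("hosts", [])}
    # Assumption: HTTP records carry the full request URL under "uri".
    urls = {u.get("uri") for u in network.get("http", []) if u.get("uri")}

    report = {
        "hosts": sorted(hosts),
        "domains": [_strip_enrichment(d) for d in network.get("domains", [])],
        "urls": sorted(urls),
        # Dropped files without a hash carry no usable indicator: skip them.
        "dropped": [
            {"name": f.get("name"), "sha256": f["sha256"], "md5": f.get("md5")}
            for f in results.get("dropped", []) if f.get("sha256")
        ],
        "signatures": [],
    }

    for sig in results.get("signatures", []):
        cats = {c.lower() for c in sig.get("categories", [])}
        matched = cats & keep
        if matched:  # keep only signatures in an allow-listed category
            report["signatures"].append({
                "name": sig.get("name"),
                "severity": sig.get("severity"),
                "categories": sorted(matched),
            })
    return report


def ioc_report_json(results, keep_categories=DEFAULT_KEEP):
    """Serialise the stripped-down report as stable, sorted JSON."""
    return json.dumps(build_ioc_report(results, keep_categories),
                      indent=2, sort_keys=True)


# Constructed sample results dict (documentation/TEST-NET addresses only).
SAMPLE_RESULTS = {
    "network": {
        "hosts": [{"ip": "203.0.113.10", "country_name": "XX"},
                  {"ip": "203.0.113.10"}],
        "domains": [{"domain": "example.test", "ip": "203.0.113.10",
                     "whois": "registrant: redacted",
                     "creation_date": "2015-01-01"}],
        "http": [{"uri": "http://example.test/gate.php", "method": "POST",
                  "host": "example.test"}],
    },
    "dropped": [
        {"name": "payload.exe", "sha256": "a" * 64, "md5": "b" * 32},
        {"name": "empty.tmp"},  # no hash, so it is skipped
    ],
    "signatures": [
        {"name": "banker_generic", "severity": 3,
         "categories": ["Banking", "trojan"]},
        {"name": "antivm_generic", "severity": 2, "categories": ["anti-vm"]},
    ],
}

if __name__ == "__main__":
    print(ioc_report_json(SAMPLE_RESULTS))
```

Wiring this into a Cuckoo reporting module would mean calling `build_ioc_report` from the module's `run()` with the results it receives and writing the JSON next to the existing report; the filter set is the place to encode whatever category allow-list the maintainers settle on.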
Sorry for the delay in answering. Agreed @FafnerKeyZee. The Signatures can use some love.. and being more strict about the categories would be a very good first step in that direction. Did you do any work in this direction in the past few months?
Provided that cuckoo-ioc hasn't been updated in over a year, I'm going to close this issue. Something like it would certainly be useful, but as per our conversation above it should start with cleaning up some of the Cuckoo Signatures to be more accurate & properly grouped. Only then should we move forward in this direction (imo).
Feel free to reopen if you have suggestions and/or further feedback.
Hi,
Add this plugin; it is working perfectly with the new version:
https://github.com/FafnerKeyZee/cuckoo-ioc
Regards