kevoreilly / CAPEv2

Malware Configuration And Payload Extraction
https://capesandbox.com/analysis/

Distributed CAPE behavioral analysis not populating on the master webUI #2208

Closed joser12345678 closed 2 months ago

joser12345678 commented 3 months ago

Expected Behavior

I am submitting a malware sample to a worker node from the master node webUI. The analysis completes and I can see all the expected analysis.

Current Behavior

The behavior analysis tab isn't populated on the master webUI, but it is on the worker.

The view from the master: image

The view from the worker: image

doomedraven commented 3 months ago

Hello, if you can see the data on the worker but not on the master, that means that you have something wrong, as when the master pushes a task to the worker it pushes the option main_task_id=X, which is the master task id, and stores that to mongo. Review your configuration, as you didn't provide any useful detail to know what is wrong.

joser12345678 commented 2 months ago

So for my configuration, right now I just simply point the worker to the mongo instance on the master. What's also interesting to me is that when I submit a task to a Linux machine I have on the worker, everything works fine; the behavioral analysis page is populated and all.

joser12345678 commented 2 months ago

Ah ok, so a misunderstanding on my part. Had to look at the main task ID on the worker for the correct info (my apologies, still learning the system all the way). Now I realize the behavioral reports are not being generated at all on the worker. Looking at the processing logs I am seeing logs like this as an example:

2024-07-05 13:46:28,282 [Task 16 (88)] [modules.processing.strace] WARNING: Strace logs does not exist at path "/opt/CAPEv2/storage/analyses/16/logs/strace.log"
2024-07-05 13:46:28,285 [Task 16 (88)] [modules.processing.suricata] WARNING: Failed to connect to socket and send command /tmp/suricata-command.socket: [Errno 2] No such file or directory
2024-07-05 13:46:28,355 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed run on_complete() method for signature "uac_bypass_cmstp": 'summary'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 591, in run
    result = sig.on_complete()
  File "/opt/CAPEv2/utils/../modules/signatures/windows/bypass_uac.py", line 160, in on_complete
    cmdlines = self.results["behavior"]["summary"]["executed_commands"]
KeyError: 'summary'
2024-07-05 13:46:28,439 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed run on_complete() method for signature "cryptopool_domains": 'summary'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 591, in run
    result = sig.on_complete()
  File "/opt/CAPEv2/utils/../modules/signatures/windows/cryptopools.py", line 41, in on_complete
    or self.check_executed_command(pattern=domain, regex=True)
  File "/opt/CAPEv2/utils/../lib/cuckoo/common/abstracts.py", line 1252, in check_executed_command
    subject = self.results["behavior"]["summary"]["executed_commands"]
KeyError: 'summary'
2024-07-05 13:46:28,441 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed run on_complete() method for signature "modify_desktop_wallpaper": 'summary'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 591, in run
    result = sig.on_complete()
  File "/opt/CAPEv2/utils/../modules/signatures/windows/modifies_wallpaper.py", line 46, in on_complete
    if self.check_write_key(pattern=indicator, regex=True):
  File "/opt/CAPEv2/utils/../lib/cuckoo/common/abstracts.py", line 1185, in check_write_key
    subject = self.results["behavior"]["summary"]["write_keys"]
KeyError: 'summary'
2024-07-05 13:46:28,442 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed run on_complete() method for signature "network_tor": 'summary'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 591, in run
    result = sig.on_complete()
  File "/opt/CAPEv2/utils/../modules/signatures/windows/network_tor.py", line 50, in on_complete
    if self.check_file(pattern=indicator, regex=True):
  File "/opt/CAPEv2/utils/../lib/cuckoo/common/abstracts.py", line 1107, in check_file
    subject = self.results["behavior"]["summary"]["files"]
KeyError: 'summary'
2024-07-05 13:46:28,442 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed run on_complete() method for signature "persistence_autorun": 'summary'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 591, in run
    result = sig.on_complete()
  File "/opt/CAPEv2/utils/../modules/signatures/windows/persistence_autorun.py", line 182, in on_complete
    match_key = self.check_write_key(pattern=indicator, regex=True, all=True)
  File "/opt/CAPEv2/utils/../lib/cuckoo/common/abstracts.py", line 1185, in check_write_key
    subject = self.results["behavior"]["summary"]["write_keys"]
KeyError: 'summary'
2024-07-05 13:46:28,443 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed run on_complete() method for signature "persistence_autorun_tasks": 'summary'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 591, in run
    result = sig.on_complete()
  File "/opt/CAPEv2/utils/../modules/signatures/windows/persistence_autorun.py", line 74, in on_complete
    match_key = self.check_write_key(pattern=indicator, regex=True, all=True)
  File "/opt/CAPEv2/utils/../lib/cuckoo/common/abstracts.py", line 1185, in check_write_key
    subject = self.results["behavior"]["summary"]["write_keys"]
KeyError: 'summary'
2024-07-05 13:46:28,444 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed run on_complete() method for signature "persistence_bootexecute": 'summary'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 591, in run
    result = sig.on_complete()
  File "/opt/CAPEv2/utils/../modules/signatures/windows/persistence_bootexecute.py", line 46, in on_complete
    match_key = self.check_write_key(
  File "/opt/CAPEv2/utils/../lib/cuckoo/common/abstracts.py", line 1185, in check_write_key
    subject = self.results["behavior"]["summary"]["write_keys"]
KeyError: 'summary'
2024-07-05 13:46:28,445 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed run on_complete() method for signature "ransomware_file_modifications": 'summary'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 591, in run
    result = sig.on_complete()
  File "/opt/CAPEv2/utils/../modules/signatures/windows/ransomware_filemodifications.py", line 107, in on_complete
    deletedfiles = self.results["behavior"]["summary"]["delete_files"]
KeyError: 'summary'
2024-07-05 13:46:28,445 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed run on_complete() method for signature "rat_nanocore": 'summary'
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../lib/cuckoo/core/plugins.py", line 591, in run
    result = sig.on_complete()
  File "/opt/CAPEv2/utils/../modules/signatures/windows/rat_nanocore.py", line 65, in on_complete
    if self.check_write_file(pattern=ioc, regex=True):
  File "/opt/CAPEv2/utils/../lib/cuckoo/common/abstracts.py", line 1133, in check_write_file
    subject = self.results["behavior"]["summary"]["write_files"]
KeyError: 'summary'
2024-07-05 13:46:28,449 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "banker_zeus_p2p": 'summary'
2024-07-05 13:46:28,450 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "bot_athenahttp": 'summary'
2024-07-05 13:46:28,456 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "family_proxyback": 'summary'
2024-07-05 13:46:28,489 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "accesses_mailslot": 'summary'
2024-07-05 13:46:28,490 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "accesses_netlogon_regkey": 'summary'
2024-07-05 13:46:28,490 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "accesses_public_folder": 'summary'
2024-07-05 13:46:28,491 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "accesses_sysvol": 'summary'
2024-07-05 13:46:28,491 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "writes_sysvol": 'summary'
2024-07-05 13:46:28,492 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "adds_admin_user": 'summary'
2024-07-05 13:46:28,492 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "adds_user": 'summary'
2024-07-05 13:46:28,493 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "overwrites_admin_password": 'summary'
2024-07-05 13:46:28,493 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antianalysis_detectfile": 'summary'
2024-07-05 13:46:28,494 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antianalysis_detectreg": 'summary'
2024-07-05 13:46:28,494 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "modify_attachment_manager": 'summary'
2024-07-05 13:46:28,495 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antiav_detectfile": 'summary'
2024-07-05 13:46:28,495 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antiav_detectreg": 'summary'
2024-07-05 13:46:28,496 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antiav_srp": 'summary'
2024-07-05 13:46:28,496 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antiav_whitespace": 'summary'
2024-07-05 13:46:28,497 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antidebug_devices": 'summary'
2024-07-05 13:46:28,497 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antiemu_windefend": 'summary'
2024-07-05 13:46:28,498 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antiemu_wine_reg": 'summary'
2024-07-05 13:46:28,498 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antisandbox_cuckoo_files": 'summary'
2024-07-05 13:46:28,499 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antisandbox_fortinet_files": 'summary'
2024-07-05 13:46:28,499 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antisandbox_joe_anubis_files": 'summary'
2024-07-05 13:46:28,500 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antisandbox_sboxie_mutex": 'summary'
2024-07-05 13:46:28,500 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antisandbox_sunbelt_files": 'summary'
2024-07-05 13:46:28,501 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antisandbox_threattrack_files": 'summary'
2024-07-05 13:46:28,501 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antivm_bochs_keys": 'summary'
2024-07-05 13:46:28,502 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antivm_generic_bios": 'summary'
2024-07-05 13:46:28,502 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antivm_generic_diskreg": 'summary'
2024-07-05 13:46:28,503 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antivm_hyperv_keys": 'summary'
2024-07-05 13:46:28,503 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antivm_parallels_keys": 'summary'
2024-07-05 13:46:28,504 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antivm_vbox_devices": 'summary'
2024-07-05 13:46:28,504 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antivm_vbox_files": 'summary'
2024-07-05 13:46:28,505 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antivm_vbox_keys": 'summary'
2024-07-05 13:46:28,505 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antivm_vmware_devices": 'summary'
2024-07-05 13:46:28,506 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antivm_vmware_files": 'summary'
2024-07-05 13:46:28,506 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antivm_vmware_keys": 'summary'
2024-07-05 13:46:28,507 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antivm_vmware_mutexes": 'summary'
2024-07-05 13:46:28,507 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antivm_vpc_files": 'summary'
2024-07-05 13:46:28,508 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antivm_vpc_keys": 'summary'
2024-07-05 13:46:28,508 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antivm_vpc_mutex": 'summary'
2024-07-05 13:46:28,509 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antivm_xen_keys": 'summary'
2024-07-05 13:46:28,509 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "asyncrat_mutex": 'summary'
2024-07-05 13:46:28,510 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "gulpix_behavior": 'summary'
2024-07-05 13:46:28,510 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "ketrican_regkeys": 'summary'
2024-07-05 13:46:28,511 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "okrum_mutexes": 'summary'
2024-07-05 13:46:28,511 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "banker_cridex": 'summary'
2024-07-05 13:46:28,512 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "geodo_banking_trojan": 'summary'
2024-07-05 13:46:28,512 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "banker_spyeye_mutexes": 'summary'
2024-07-05 13:46:28,513 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "banker_zeus_mutex": 'summary'
2024-07-05 13:46:28,513 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "bitcoin_opencl": 'summary'
2024-07-05 13:46:28,514 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "accesses_primary_patition": 'summary'
2024-07-05 13:46:28,514 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "direct_hdd_access": 'summary'
2024-07-05 13:46:28,515 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "enumerates_physical_drives": 'summary'
2024-07-05 13:46:28,516 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "physical_drive_access": 'summary'
2024-07-05 13:46:28,516 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "bot_russkill": 'summary'
2024-07-05 13:46:28,517 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "browser_addon": 'summary'
2024-07-05 13:46:28,517 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "chromium_browser_extension_directory": 'summary'
2024-07-05 13:46:28,517 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "browser_helper_object": 'summary'
2024-07-05 13:46:28,518 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "browser_security": 'summary'
2024-07-05 13:46:28,519 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "browser_startpage": 'summary'
2024-07-05 13:46:28,519 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "ie_disables_process_tab": 'summary'
2024-07-05 13:46:28,520 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "odbcconf_bypass": 'summary'
2024-07-05 13:46:28,520 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "squiblydoo_bypass": 'summary'
2024-07-05 13:46:28,521 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "squiblytwo_bypass": 'summary'
2024-07-05 13:46:28,521 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "bypass_firewall": 'summary'
2024-07-05 13:46:28,522 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uac_bypass_cmstpcom": 'summary'
2024-07-05 13:46:28,522 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uac_bypass_delegateexecute_sdclt": 'summary'
2024-07-05 13:46:28,523 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uac_bypass_fodhelper": 'summary'
2024-07-05 13:46:28,523 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "carberp_mutex": 'summary'
2024-07-05 13:46:28,524 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "clears_logs": 'summary'
2024-07-05 13:46:28,524 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "cmdline_obfuscation": 'summary'
2024-07-05 13:46:28,525 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "cmdline_switches": 'summary'
2024-07-05 13:46:28,525 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "cmdline_terminate": 'summary'
2024-07-05 13:46:28,526 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "cmdline_forfiles_wildcard": 'summary'
2024-07-05 13:46:28,526 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "cmdline_http_link": 'summary'
2024-07-05 13:46:28,527 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "cmdline_long_string": 'summary'
2024-07-05 13:46:28,527 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "cmdline_reversed_http_link": 'summary'
2024-07-05 13:46:28,528 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "long_commandline": 'summary'
2024-07-05 13:46:28,528 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "powershell_renamed_commandline": 'summary'
2024-07-05 13:46:28,531 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "credwiz_credentialaccess": 'summary'
2024-07-05 13:46:28,531 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "enables_wdigest": 'summary'
2024-07-05 13:46:28,532 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "vaultcmd_credentialaccess": 'summary'
2024-07-05 13:46:28,532 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "file_credential_store_access": 'summary'
2024-07-05 13:46:28,533 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "file_credential_store_write": 'summary'
2024-07-05 13:46:28,533 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "registry_credential_dumping": 'summary'
2024-07-05 13:46:28,534 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "registry_credential_store_access": 'summary'
2024-07-05 13:46:28,534 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "registry_lsa_secrets_access": 'summary'
2024-07-05 13:46:28,535 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "comsvcs_credentialdump": 'summary'
2024-07-05 13:46:28,535 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "cryptomining_stratum_command": 'summary'
2024-07-05 13:46:28,536 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "cypherit_mutexes": 'summary'
2024-07-05 13:46:28,536 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "darkcomet_regkeys": 'summary'
2024-07-05 13:46:28,537 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "datop_loader": 'summary'
2024-07-05 13:46:28,537 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "deepfreeze_mutex": 'summary'
2024-07-05 13:46:28,538 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "deletes_executed_files": 'summary'
2024-07-05 13:46:28,538 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_app_launch": 'summary'
2024-07-05 13:46:28,539 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_auto_app_termination": 'summary'
2024-07-05 13:46:28,539 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_appv_virtualization": 'summary'
2024-07-05 13:46:28,540 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_backups": 'summary'
2024-07-05 13:46:28,540 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_browser_warn": 'summary'
2024-07-05 13:46:28,541 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_context_menus": 'summary'
2024-07-05 13:46:28,541 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_cpl_disable": 'summary'
2024-07-05 13:46:28,542 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_crashdumps": 'summary'
2024-07-05 13:46:28,542 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_event_logging": 'summary'
2024-07-05 13:46:28,543 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_folder_options": 'summary'
2024-07-05 13:46:28,543 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_notificationcenter": 'summary'
2024-07-05 13:46:28,544 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_power_options": 'summary'
2024-07-05 13:46:28,544 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_restore_default_state": 'summary'
2024-07-05 13:46:28,545 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_run_command": 'summary'
2024-07-05 13:46:28,546 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_smartscreen": 'summary'
2024-07-05 13:46:28,546 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_startmenu_search": 'summary'
2024-07-05 13:46:28,547 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_system_restore": 'summary'
2024-07-05 13:46:28,547 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_uac": 'summary'
2024-07-05 13:46:28,548 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_wer": 'summary'
2024-07-05 13:46:28,548 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_windows_defender": 'summary'
2024-07-05 13:46:28,549 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_windows_defender_logging": 'summary'
2024-07-05 13:46:28,550 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "removes_windows_defender_contextmenu": 'summary'
2024-07-05 13:46:28,551 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "windows_defender_powershell": 'summary'
2024-07-05 13:46:28,551 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_windows_file_protection": 'summary'
2024-07-05 13:46:28,552 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_windowsupdate": 'summary'
2024-07-05 13:46:28,552 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_winfirewall": 'summary'
2024-07-05 13:46:28,553 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "adfind_domain_enumeration": 'summary'
2024-07-05 13:46:28,553 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "domain_enumeration_commands": 'summary'
2024-07-05 13:46:28,554 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "andromut_mutexes": 'summary'
2024-07-05 13:46:28,554 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "downloader_cabby": 'summary'
2024-07-05 13:46:28,555 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "phorpiex_mutexes": 'summary'
2024-07-05 13:46:28,555 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "protonbot_mutexes": 'summary'
2024-07-05 13:46:28,556 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "driver_filtermanager": 'summary'
2024-07-05 13:46:28,556 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "dll_archive_execution": 'summary'
2024-07-05 13:46:28,557 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "lnk_archive_execution": 'summary'
2024-07-05 13:46:28,557 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "script_archive_execution": 'summary'
2024-07-05 13:46:28,558 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "spooler_access": 'summary'
2024-07-05 13:46:28,559 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "spooler_svc_start": 'summary'
2024-07-05 13:46:28,559 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "mapped_drives_uac": 'summary'
2024-07-05 13:46:28,560 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "hides_recycle_bin_icon": 'summary'
2024-07-05 13:46:28,560 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "apocalypse_stealer_file_behavior": 'summary'
2024-07-05 13:46:28,561 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "arkei_files": 'summary'
2024-07-05 13:46:28,561 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "azorult_mutexes": 'summary'
2024-07-05 13:46:28,562 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "infostealer_bitcoin": 'summary'
2024-07-05 13:46:28,562 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "cryptbot_files": 'summary'
2024-07-05 13:46:28,563 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "echelon_files": 'summary'
2024-07-05 13:46:28,563 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "infostealer_ftp": 'summary'
2024-07-05 13:46:28,564 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "infostealer_im": 'summary'
2024-07-05 13:46:28,564 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "infostealer_mail": 'summary'
2024-07-05 13:46:28,565 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "poullight_files": 'summary'
2024-07-05 13:46:28,565 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "purplewave_mutexes": 'summary'
2024-07-05 13:46:28,566 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "quilclipper_mutexes": 'summary'
2024-07-05 13:46:28,566 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "qulab_files": 'summary'
2024-07-05 13:46:28,567 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "qulab_mutexes": 'summary'
2024-07-05 13:46:28,567 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "asyncrat_mutex": 'summary'
2024-07-05 13:46:28,569 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "masquerade_process_name": 'summary'
2024-07-05 13:46:28,569 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "mimikatz_modules": 'summary'
2024-07-05 13:46:28,570 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "modify_certs": 'summary'
2024-07-05 13:46:28,570 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "dotnet_clr_usagelog_regkeys": 'summary'
2024-07-05 13:46:28,571 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "modify_hostfile": 'summary'
2024-07-05 13:46:28,571 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "modify_oem_information": 'summary'
2024-07-05 13:46:28,572 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "modify_security_center_warnings": 'summary'
2024-07-05 13:46:28,572 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "modify_uac_prompt": 'summary'
2024-07-05 13:46:28,586 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "network_tor_service": 'summary'
2024-07-05 13:46:28,587 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "office_addinloading": 'summary'
2024-07-05 13:46:28,588 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "office_perfkey": 'summary'
2024-07-05 13:46:28,588 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "changes_trust_center_settings": 'summary'
2024-07-05 13:46:28,589 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "disables_vba_trust_access": 'summary'
2024-07-05 13:46:28,592 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "office_security": 'summary'
2024-07-05 13:46:28,593 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "packer_armadillo_mutex": 'summary'
2024-07-05 13:46:28,593 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "packer_armadillo_regkey": 'summary'
2024-07-05 13:46:28,594 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "persistence_ads": 'summary'
2024-07-05 13:46:28,594 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "persistence_safeboot": 'summary'
2024-07-05 13:46:28,595 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "persistence_ifeo": 'summary'
2024-07-05 13:46:28,595 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "persistence_silent_process_exit": 'summary'
2024-07-05 13:46:28,596 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "persistence_rdp_registry": 'summary'
2024-07-05 13:46:28,596 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "persistence_rdp_shadowing": 'summary'
2024-07-05 13:46:28,597 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "persistence_service": 'summary'
2024-07-05 13:46:28,597 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "persistence_shim_database": 'summary'
2024-07-05 13:46:28,598 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "powerpool_mutexes": 'summary'
2024-07-05 13:46:28,598 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "powershell_command_suspicious": 'summary'
2024-07-05 13:46:28,599 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "powershell_renamed": 'summary'
2024-07-05 13:46:28,599 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "powershell_reversed": 'summary'
2024-07-05 13:46:28,600 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "powershell_variable_obfuscation": 'summary'
2024-07-05 13:46:28,600 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "prevents_safeboot": 'summary'
2024-07-05 13:46:28,601 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "cmdline_process_discovery": 'summary'
2024-07-05 13:46:28,602 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "cryptomix_mutexes": 'summary'
2024-07-05 13:46:28,602 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "dharma_mutexes": 'summary'
2024-07-05 13:46:28,603 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "ransomware_extensions": 'summary'
2024-07-05 13:46:28,603 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "ransomware_files": 'summary'
2024-07-05 13:46:28,604 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "fonix_mutexes": 'summary'
2024-07-05 13:46:28,604 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "gandcrab_mutexes": 'summary'
2024-07-05 13:46:28,605 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "germanwiper_mutexes": 'summary'
2024-07-05 13:46:28,605 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "medusalocker_mutexes": 'summary'
2024-07-05 13:46:28,606 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "medusalocker_regkeys": 'summary'
2024-07-05 13:46:28,606 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "nemty_mutexes": 'summary'
2024-07-05 13:46:28,607 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "nemty_regkeys": 'summary'
2024-07-05 13:46:28,607 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "pysa_mutexes": 'summary'
2024-07-05 13:46:28,608 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "ransomware_radamant": 'summary'
2024-07-05 13:46:28,608 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "ransomware_recyclebin": 'summary'
2024-07-05 13:46:28,609 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "revil_mutexes": 'summary'
2024-07-05 13:46:28,609 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "ransomware_revil_regkey": 'summary'
2024-07-05 13:46:28,610 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "satan_mutexes": 'summary'
2024-07-05 13:46:28,610 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "snake_ransom_mutexes": 'summary'
2024-07-05 13:46:28,611 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "stop_ransom_mutexes": 'summary'
2024-07-05 13:46:28,611 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "stop_ransomware_cmd": 'summary'
2024-07-05 13:46:28,612 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "rat_beebus_mutexes": 'summary'
2024-07-05 13:46:28,612 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "blacknet_mutexes": 'summary'
2024-07-05 13:46:28,613 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "blackrat_mutexes": 'summary'
2024-07-05 13:46:28,613 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "crat_mutexes": 'summary'
2024-07-05 13:46:28,614 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "dcrat_files": 'summary'
2024-07-05 13:46:28,614 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "dcrat_mutexes": 'summary'
2024-07-05 13:46:28,615 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "rat_fynloski_mutexes": 'summary'
2024-07-05 13:46:28,616 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "limerat_mutexes": 'summary'
2024-07-05 13:46:28,616 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "limerat_regkeys": 'summary'
2024-07-05 13:46:28,617 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "lodarat_file_behavior": 'summary'
2024-07-05 13:46:28,617 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "modirat_behavior": 'summary'
2024-07-05 13:46:28,618 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "njrat_regkeys": 'summary'
2024-07-05 13:46:28,618 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "obliquerat_files": 'summary'
2024-07-05 13:46:28,619 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "obliquerat_mutexes": 'summary'
2024-07-05 13:46:28,619 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "parallax_mutexes": 'summary'
2024-07-05 13:46:28,620 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "rat_pcclient": 'summary'
2024-07-05 13:46:28,620 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "rat_plugx_mutexes": 'summary'
2024-07-05 13:46:28,621 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "rat_poisonivy_mutexes": 'summary'
2024-07-05 13:46:28,621 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "rat_quasar_mutexes": 'summary'
2024-07-05 13:46:28,622 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "ratsnif_mutexes": 'summary'
2024-07-05 13:46:28,622 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "rat_spynet": 'summary'
2024-07-05 13:46:28,623 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "venomrat_mutexes": 'summary'
2024-07-05 13:46:28,623 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "warzonerat_files": 'summary'
2024-07-05 13:46:28,624 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "warzonerat_regkeys": 'summary'
2024-07-05 13:46:28,625 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "xpertrat_mutexes": 'summary'
2024-07-05 13:46:28,625 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "rat_xtreme_mutexes": 'summary'
2024-07-05 13:46:28,626 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "recon_fingerprint": 'summary'
2024-07-05 13:46:28,626 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "remcos_files": 'summary'
2024-07-05 13:46:28,627 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "remcos_mutexes": 'summary'
2024-07-05 13:46:28,627 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "remcos_regkeys": 'summary'
2024-07-05 13:46:28,628 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "rdptcp_key": 'summary'
2024-07-05 13:46:28,628 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uses_rdp_clip": 'summary'
2024-07-05 13:46:28,629 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uses_remote_desktop_session": 'summary'
2024-07-05 13:46:28,629 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "removes_networking_icon": 'summary'
2024-07-05 13:46:28,630 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "removes_pinned_programs": 'summary'
2024-07-05 13:46:28,630 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "removes_security_maintenance_icon": 'summary'
2024-07-05 13:46:28,631 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "removes_startmenu_defaults": 'summary'
2024-07-05 13:46:28,631 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "removes_username_startmenu": 'summary'
2024-07-05 13:46:28,632 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "spicyhotpot_behavior": 'summary'
2024-07-05 13:46:28,632 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "sniffer_winpcap": 'summary'
2024-07-05 13:46:28,633 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "spreading_autoruninf": 'summary'
2024-07-05 13:46:28,633 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "stealth_hidden_extension": 'summary'
2024-07-05 13:46:28,634 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "stealth_hiddenreg": 'summary'
2024-07-05 13:46:28,634 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "stealth_hide_notifications": 'summary'
2024-07-05 13:46:28,635 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "stealth_webhistory": 'summary'
2024-07-05 13:46:28,635 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "sysinternals_psexec": 'summary'
2024-07-05 13:46:28,636 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "sysinternals_tools": 'summary'
2024-07-05 13:46:28,636 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "tampers_etw": 'summary'
2024-07-05 13:46:28,637 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "lsa_tampering": 'summary'
2024-07-05 13:46:28,637 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "tampers_powershell_logging": 'summary'
2024-07-05 13:46:28,638 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "targeted_flame": 'summary'
2024-07-05 13:46:28,638 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "territorial_disputes_sigs": 'summary'
2024-07-05 13:46:28,639 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "trickbot_mutex": 'summary'
2024-07-05 13:46:28,639 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "fleercivet_mutex": 'summary'
2024-07-05 13:46:28,640 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "lokibot_mutexes": 'summary'
2024-07-05 13:46:28,640 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "ursnif_behavior": 'summary'
2024-07-05 13:46:28,641 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uses_adfind": 'summary'
2024-07-05 13:46:28,642 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uses_ms_protocol": 'summary'
2024-07-05 13:46:28,642 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "neshta_mutexes": 'summary'
2024-07-05 13:46:28,643 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "renamer_mutexes": 'summary'
2024-07-05 13:46:28,643 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "owa_web_shell_files": 'summary'
2024-07-05 13:46:28,644 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "web_shell_files": 'summary'
2024-07-05 13:46:28,644 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "web_shell_processes": 'summary'
2024-07-05 13:46:28,645 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "dotnet_csc_build": 'summary'
2024-07-05 13:46:28,646 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "multiple_explorer_instances": 'summary'
2024-07-05 13:46:28,646 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "script_tool_executed": 'summary'
2024-07-05 13:46:28,647 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "suspicious_certutil_use": 'summary'
2024-07-05 13:46:28,647 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "suspicious_command_tools": 'summary'
2024-07-05 13:46:28,648 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "suspicious_mpcmdrun_use": 'summary'
2024-07-05 13:46:28,648 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "suspicious_ping_use": 'summary'
2024-07-05 13:46:28,649 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uses_powershell_copyitem": 'summary'
2024-07-05 13:46:28,649 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uses_windows_utilities": 'summary'
2024-07-05 13:46:28,650 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uses_windows_utilities_appcmd": 'summary'
2024-07-05 13:46:28,650 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uses_windows_utilities_csvde_ldifde": 'summary'
2024-07-05 13:46:28,651 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uses_windows_utilities_cipher": 'summary'
2024-07-05 13:46:28,651 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uses_windows_utilities_clickonce": 'summary'
2024-07-05 13:46:28,652 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uses_windows_utilities_curl": 'summary'
2024-07-05 13:46:28,652 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uses_windows_utilities_dsquery": 'summary'
2024-07-05 13:46:28,653 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uses_windows_utilities_esentutl": 'summary'
2024-07-05 13:46:28,653 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uses_windows_utilities_finger": 'summary'
2024-07-05 13:46:28,654 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uses_windows_utilities_mode": 'summary'
2024-07-05 13:46:28,654 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uses_windows_utilities_ntdsutil": 'summary'
2024-07-05 13:46:28,655 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uses_windows_utilities_nltest": 'summary'
2024-07-05 13:46:28,655 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "uses_windows_utilities_xcopy": 'summary'
2024-07-05 13:46:28,656 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "wmic_command_suspicious": 'summary'
2024-07-05 13:46:28,656 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "scrcons_wmi_script_consumer": 'summary'
2024-07-05 13:46:28,657 [Task 16 (88)] [lib.cuckoo.core.plugins] ERROR: Failed to run signature "allaple_mutexes": 'summary'
2024-07-05 13:46:28,662 [Task 16 (88)] [lib.cuckoo.common.integrations.capa] ERROR: 3 validation errors for CapeReport
behavior.summary
  Field required [type=missing, input_value={'processes': [], 'processtree': []}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.4/v/missing
behavior.anomaly
  Field required [type=missing, input_value={'processes': [], 'processtree': []}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.4/v/missing
behavior.encryptedbuffers
  Field required [type=missing, input_value={'processes': [], 'processtree': []}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.4/v/missing
Traceback (most recent call last):
  File "/opt/CAPEv2/utils/../lib/cuckoo/common/integrations/capa.py", line 259, in flare_capa_details
    extractor = capa.features.extractors.cape.extractor.CapeExtractor.from_report(results)
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/capa/features/extractors/cape/extractor.py", line 126, in from_report
    cr = CapeReport.model_validate(report)
  File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.10/lib/python3.10/site-packages/pydantic/main.py", line 503, in model_validate
    return cls.__pydantic_validator__.validate_python(
pydantic_core._pydantic_core.ValidationError: 3 validation errors for CapeReport
behavior.summary
  Field required [type=missing, input_value={'processes': [], 'processtree': []}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.4/v/missing
behavior.anomaly
  Field required [type=missing, input_value={'processes': [], 'processtree': []}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.4/v/missing
behavior.encryptedbuffers
  Field required [type=missing, input_value={'processes': [], 'processtree': []}, input_type=dict]

doomedraven commented 2 months ago

did you disable summary in processing?

doomedraven commented 2 months ago

https://github.com/kevoreilly/CAPEv2/blob/master/conf/default/processing.conf.default#L54

joser12345678 commented 2 months ago

No sir, it is on. Turned it off and still got the same error when running poetry run python utils/process.py -r 17 -d

doomedraven commented 2 months ago

I just pushed a fix for the signatures for that, but those are signatures, so you have some problem with behavior processing; you need to spot why it fails, as from the log that you posted there is nothing that could help.

doomedraven commented 2 months ago

Wait, is that a Linux binary?

doomedraven commented 2 months ago

Also run poetry run python3 utils/community.py -waf, as that will fix the summary issues.

joser12345678 commented 2 months ago

Ok, I'll try and insert some debug messages in one of the signatures to see if I can spot where it fails. And no, this is a .exe file. Ran the community.py script, no help. I'll let you know what I find.

doomedraven commented 2 months ago

No, signatures are not the issue here at all; the problem is in your processing of behavior.py, there is a problem generating the summary. For the failure I have a lack of details, so I can't help. Do you have some custom stuff etc.? I need some context, as by default that doesn't happen.

joser12345678 commented 2 months ago

So the setup is as follows:

I have 2 nodes, one master and one worker. The master is working completely fine. The worker is not successfully finishing processing when I submit work to its Windows machine. It is finishing processing properly when I submit a sample to the Linux machine running on the worker, though.

The master is running an instance of mongoDB that I point the worker to in the configuration files. The master is also running the cape-dist service. As far as custom configurations, I have a single Windows 10 21h2 and a single Linux (Ubuntu 22) machine on the worker. For the processing configuration, I have it set up like this, the same as on the master:

# Enable or disable the available processing modules [on/off].
# If you add a custom processing module to your Cuckoo setup, you have to add
# a dedicated entry in this file, or it won't be executed.
# You can also add additional options under the section of your module and
# they will be available in your Python class.

# Community
# exclude files that doesn't match safe extension and ignore their files from processing inside of other modules like CAPE.py
[antiransomware]
enabled = no
# ignore all files with extension found more than X
skip_number = 30

# Community
[curtain]
enabled = no

# Community
[sysmon]
enabled = no

[analysisinfo]
enabled = yes

# Community
# FLARE capa -> to update rules utils/community.py -cr
# install -> cd /tmp && git clone --recurse-submodules https://github.com/fireeye/capa.git && cd capa && git submodule update --init rules && python -m poetry run pip install .
[flare_capa]
enabled = no
# Generate it always or generate on demand only(user need to click button to generate it), still should be enabled to use this feature on demand
on_demand = no
# Analyze binary payloads
static = no
# Analyze CAPE payloads
cape = no
# Analyze ProcDump
procdump = no

# Community
[decompression]
enabled = no

[dumptls]
enabled = no

[amsi]
enabled = no

[behavior]
enabled = yes
# Toggle specific modules within the BehaviorAnalysis class
anomaly = yes
processtree = yes
summary = yes
enhanced = yes
encryptedbuffers = yes
# Should the server use a compressed version of behavioural logs? This helps
# in saving space in Mongo, accelerates searchs and reduce the size of the
# final JSON report.
loop_detection = no
# The number of calls per process to process. 0 switches the limit off.
# 10000 api calls should be processed in less than 2 minutes
analysis_call_limit = 0
# Use ram to boost processing speed. You will need more than 20GB of RAM for this feature.
# Please read "performance" section in the documentation.
ram_boost = no
# https://capev2.readthedocs.io/en/latest/usage/patterns_replacement.html
replace_patterns = no

[strace]
enabled = yes
# Toggle specific modules within the StraceAnalysis class
processtree = yes
platform = linux

[debug]
enabled = yes

[detections]
enabled = yes
# Signatures
behavior = yes
yara = yes
suricata = yes
virustotal = no
clamav = no

# ... but this mechanism may still be switched on
[procmemory]
enabled = yes
strings = yes

[procmon]
enabled = no

[memory]
enabled = no

[usage]
enabled = no

[network]
enabled = yes
sort_pcap = no
# DNS whitelisting to ignore domains/IPs configured in network.py
# This should be disabled when utilizing InetSim/Remnux as we end up resolving
# the IP from fakedns which would then remove all domains associated with that
# resolved IP
dnswhitelist = yes
# additional entries
dnswhitelist_file = extra/whitelist_domains.txt
ipwhitelist = yes
ipwhitelist_file = extra/whitelist_ips.txt
network_passlist = no
network_passlist_file = extra/whitelist_network.txt

# Requires geoip2 and maxmind database
country_lookup = no
# Register and download for free from
# https://www.maxmind.com/ or https://ipinfo.io/
# For maxmind use: GeoLite2 Country
# For ipinfo use: Free IP to Country + IP to ASN
maxmind_database = data/GeoLite2-Country.mmdb

[url_analysis]
enabled = yes
# Enable a WHOIS lookup for the target domain of a URL analyses
whois = yes

[strings]
enabled = yes
on_demand = no
nullterminated_only = no
minchars = 5

# Community
[trid]
# Specify the path to the trid binary to use for static analysis.
enabled = no
identifier = data/trid/trid
definitions = data/trid/triddefs.trd

[die]
# Detect it Easy
enabled = no
binary = /usr/bin/diec

[virustotal]
enabled = yes
on_demand = no
timeout = 60
# remove empty detections
remove_empty = yes
# Add your VirusTotal API key here. The default API key, kindly provided
# by the VirusTotal team, should enable you with a sufficient throughput
# and while being shared with all our users, it shouldn't affect your use.
key = a0283a2c3d55728300d064874239b5346fb991317e8449fe43c902879d758088
do_file_lookup = yes
do_url_lookup = yes
urlscrub = (^http:\/\/serw\.clicksor\.com\/redir\.php\?url=|&InjectedParam=.+$)

[suricata]
# Notes on getting this to work check install_suricata function:
# https://github.com/kevoreilly/CAPEv2/blob/master/installer/cape2.sh

enabled = yes
#Runmode "cli" or "socket"
runmode = socket
#Outputfiles
# if evelog is specified, it will be used instead of the per-protocol log files
evelog = eve.json

# per-protocol log files
#
#alertlog = alert.json
#httplog = http.json
#tlslog = tls.json
#sshlog = ssh.json
#dnslog = dns.json

fileslog = files-json.log
filesdir = files
# Amount of text to carve from plaintext files (bytes)
buffer = 8192
#Used for creating an archive of extracted files
7zbin = /usr/bin/7z
zippass = infected
##Runmode "cli" options
bin = /usr/bin/suricata
conf = /etc/suricata/suricata.yaml
##Runmode "socket" Options
socket_file = /tmp/suricata-command.socket

# Community
[cif]
enabled = no
# url of CIF server
url = https://your-cif-server.com/api
# CIF API key
key = your-api-key-here
# time to wait for server to respond, in seconds
timeout = 60
# minimum confidence level of returned results:
# 25=not confident, 50=automated, 75=somewhat confident, 85=very confident, 95=certain
# defaults to 85
confidence = 85
# don't log queries by default, set to 'no' to log queries
nolog = yes
# max number of results per query
per_lookup_limit = 20
# max number of queries per analysis
per_analysis_limit = 200

[CAPE]
enabled = yes
# Ex targetinfo standalone module
targetinfo = yes
# Ex dropped standalone module
dropped = yes
# Ex procdump standalone module
procdump = yes
# Amount of text to carve from plaintext files (bytes)
buffer = 8192
# Process files not bigger than value below in Mb. We saw that after 90Mb it has biggest delay
max_file_size = 90
# Scan for UserDB.TXT signature matches
userdb_signature = no
# https://capev2.readthedocs.io/en/latest/usage/patterns_replacement.html
replace_patterns = no

# Deduplicate screenshots - You need to install dependency ImageHash>=4.3.1
[deduplication]
#
# Available hashs functions:
#  ahash:      Average hash
#  phash:      Perceptual hash
#  dhash:      Difference hash
#  whash-haar: Haar wavelet hash
#  whash-db4:  Daubechies wavelet hash
enabled = no
hashmethod = ahash

# Community
[vba2graph]
# Mac - brew install graphviz
# Ubuntu - sudo apt-get install graphviz
# Arch - sudo pacman -S graphviz+
# sudo poetry run pip install networkx>=2.1 graphviz>=0.8.4 pydot>=1.2.4
enabled = yes
on_demand = yes

# ja3 finger print db with descriptions
# https://github.com/trisulnsm/trisul-scripts/blob/master/lua/frontend_scripts/reassembly/ja3/prints/ja3fingerprint.json
[ja3]
ja3_path = data/ja3/ja3fingerprint.json

[maliciousmacrobot]
# https://maliciousmacrobot.readthedocs.io
# Install mmbot
#   sudo poetry run pip install mmbot
# Create/Set required paths
# Populate benign_path and malicious_path with appropriate macro maldocs (try the tests/samples in the github)
#   https://github.com/egaus/MaliciousMacroBot/tree/master/tests/samples
# Create modeldata.pickle with your maldocs (this does not append to the model, it overwrites it)
#
#   mmb = MaliciousMacroBot(benign_path, malicious_path, model_path, retain_sample_contents=False)
#   result = mmb.mmb_init_model(modelRebuild=True)
#
# Copy your model file and vocab.txt to your model_path
enabled = no
benign_path = /opt/cuckoo/data/mmbot/benign
malicious_path = /opt/cuckoo/data/mmbot/malicious
model_path = /opt/cuckoo/data/mmbot/model

# Community
[xlsdeobf]
# poetry run pip install git+https://github.com/DissectMalware/XLMMacroDeobfuscator.git
enabled = no
on_demand = no

# Community
[boxjs]
enabled = no
timeout = 60
url = http://your_super_box_js:9000

# Community
# Extractors
[mwcp]
enabled = yes
modules_path = modules/processing/parsers/mwcp/

# Community
[ratdecoders]
enabled = yes
modules_path = modules/processing/parsers/RATDecoders/

# Community
[malduck]
enabled = yes
modules_path = modules/processing/parsers/malduck/

[CAPE_extractors]
enabled = yes
# Must ends with /
modules_path = modules/processing/parsers/CAPE/

# Community
[reversinglabs]
enabled = no
url =
key =

# Community
[script_log_processing]
enabled = yes

# Community
# Dump PE's overlay info
[overlay]
enabled = no

# Community
[floss]
enabled = no
on_demand = yes
static_strings = no
stack_strings = yes
decoded_strings = yes
tight_strings = yes
min_length = 5
# Download FLOSS signatures from https://github.com/mandiant/flare-floss/tree/master/sigs
sigs_path = data/flare-signatures

[html_scraper]
enabled = no
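A preflight check that ties the two symptoms in this thread together: the 'summary' KeyError / CapeReport validation errors in the log above, and the [behavior] toggles in processing.conf that the "did you disable summary in processing?" question is about. This is an added example, not CAPE's own code; the required field names come from the three pydantic "Field required" errors above, and the config excerpt and report fragment inside it are constructed to mirror this thread (all toggles on, behavior holding only the empty processes/processtree lists).

```python
"""Preflight check for the behavior-section failure seen in this thread.

Added example, not CAPE's own code. It cross-checks:
  1. the [behavior] toggles of processing.conf (the "did you disable
     summary in processing?" question), and
  2. the behavior section of a produced report, which capa's CapeReport
     model rejects when summary, anomaly or encryptedbuffers is absent
     (the same absence makes every signature fail with KeyError 'summary').
"""
import configparser
from typing import Any

# Field names taken from the three "Field required" errors in the thread.
REQUIRED_BEHAVIOR_FIELDS = ("summary", "anomaly", "encryptedbuffers")
# Sub-module toggles listed under [behavior] in processing.conf.
BEHAVIOR_TOGGLES = ("anomaly", "processtree", "summary", "enhanced", "encryptedbuffers")

# Constructed excerpt of a processing.conf, matching the [behavior] block pasted above.
CONF_ALL_ON = """\
[behavior]
enabled = yes
anomaly = yes
processtree = yes
summary = yes
enhanced = yes
encryptedbuffers = yes
loop_detection = no
"""

# Constructed variant with summary switched off, the case doomedraven asked about.
CONF_SUMMARY_OFF = CONF_ALL_ON.replace("summary = yes", "summary = no")

# Constructed report fragment: exactly the input_value the pydantic error shows.
REPORT_NO_LOGS: dict[str, Any] = {"behavior": {"processes": [], "processtree": []}}


def disabled_behavior_toggles(conf_text: str) -> list[str]:
    """Return the [behavior] toggles that are off or missing in processing.conf text."""
    cp = configparser.ConfigParser(interpolation=None)  # real conf values may contain '%'
    cp.read_string(conf_text)
    if not cp.getboolean("behavior", "enabled", fallback=False):
        # Whole module off (or section absent): nothing under behavior.* is produced.
        return ["enabled", *BEHAVIOR_TOGGLES]
    return [t for t in BEHAVIOR_TOGGLES if not cp.getboolean("behavior", t, fallback=False)]


def diagnose_behavior(report: dict[str, Any], conf_text: str) -> dict[str, Any]:
    """Say why signatures and capa would fail on this report, and where to look next."""
    behavior = report.get("behavior") or {}
    missing = [f for f in REQUIRED_BEHAVIOR_FIELDS if f not in behavior]
    off = disabled_behavior_toggles(conf_text)
    processes = behavior.get("processes") or []
    if not missing:
        verdict = "ok: behavior section is complete"
    elif set(missing) & set(off):
        # The config explains the gap: the operator switched the sub-module off.
        verdict = "config: re-enable %s under [behavior] in processing.conf" % ", ".join(
            f for f in missing if f in off
        )
    elif not processes:
        # Toggles are on, yet no process logs were parsed into the report at all:
        # the analysis produced nothing for BehaviorAnalysis to work with.
        verdict = (
            "no monitor logs: toggles are on but behavior.processes is empty, so no "
            "process logs were parsed; check the task's logs/ directory on the worker "
            "and re-run utils/process.py -r <id> -d there"
        )
    else:
        verdict = "processing: BehaviorAnalysis parsed %d processes but emitted no %s" % (
            len(processes),
            ", ".join(missing),
        )
    return {
        "missing": missing,
        "disabled_toggles": off,
        "process_count": len(processes),
        "verdict": verdict,
    }


if __name__ == "__main__":
    for label, conf in (("all toggles on", CONF_ALL_ON), ("summary off", CONF_SUMMARY_OFF)):
        print(label, "->", diagnose_behavior(REPORT_NO_LOGS, conf)["verdict"])
```

Run it against a worker's real report.json and processing.conf (json.load the report, read the conf into a string) to separate a config mistake from the empty-logs case this thread ends up in.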

doomedraven commented 2 months ago

Do git pull, there were some platform related fixes recently, restart services and try again. Maybe it is something due to different arches; it's been ages since I ran Linux, only pure Windows. But so far, do you see main_task_id in the worker options of any task?


result = mmb.mmb_init_model(modelRebuild=True)

#

Copy your model file and vocab.txt to your model_path

enabled = no benign_path = /opt/cuckoo/data/mmbot/benign malicious_path = /opt/cuckoo/data/mmbot/malicious model_path = /opt/cuckoo/data/mmbot/model

Community

[xlsdeobf]

poetry run pip install git+https://github.com/DissectMalware/XLMMacroDeobfuscator.git

enabled = no on_demand = no

Community

[boxjs] enabled = no timeout = 60 url = http://your_super_box_js:9000

Community

Extractors

[mwcp] enabled = yes modules_path = modules/processing/parsers/mwcp/

Community

[ratdecoders] enabled = yes modules_path = modules/processing/parsers/RATDecoders/

Community

[malduck] enabled = yes modules_path = modules/processing/parsers/malduck/

[CAPE_extractors] enabled = yes

Must ends with /

modules_path = modules/processing/parsers/CAPE/

Community

[reversinglabs] enabled = no url = key =

Community

[script_log_processing] enabled = yes

Community

Dump PE's overlay info

[overlay] enabled = no

Community

[floss] enabled = no on_demand = yes static_strings = no stack_strings = yes decoded_strings = yes tight_strings = yes min_length = 5

Download FLOSS signatures from https://github.com/mandiant/flare-floss/tree/master/sigs

sigs_path = data/flare-signatures

[html_scraper] enabled = no

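When a processing.conf is pasted into a thread like this one, copy/paste tends to collapse several `key = value` pairs onto one line and drop the `#` comment markers, which makes it hard to see which modules are actually on and whether the paths they reference exist. The script below is an added example (not CAPE's own code) that loads a conf with Python's `configparser`, lists the enabled sections, flags path-type values of enabled sections that do not exist on disk, and reports lines where more than one pair has been folded together. The embedded conf text is a constructed, trimmed version of the one above, and `PATH_KEYS` is an assumed list of key names drawn from that conf, not an official CAPE list.

```python
"""Sanity-check a CAPE-style processing.conf.

Added example, not part of CAPEv2. SAMPLE_CONF and PATH_KEYS are constructed
from the key names seen in the pasted config and are assumptions.
"""
import configparser
import os
from typing import Callable, List, Tuple

# Constructed sample: a trimmed processing.conf in the same shape as the
# one pasted in the thread (section headers, '#' comments, key = value).
SAMPLE_CONF = """
[strings]
enabled = yes
on_demand = no
nullterminated_only = no
minchars = 5

[trid]
# Specify the path to the trid binary to use for static analysis.
enabled = no
identifier = data/trid/trid
definitions = data/trid/triddefs.trd

[suricata]
enabled = yes
runmode = socket
bin = /usr/bin/suricata
conf = /etc/suricata/suricata.yaml
socket_file = /tmp/suricata-command.socket
7zbin = /usr/bin/7z

[CAPE]
enabled = yes
targetinfo = yes
dropped = yes
procdump = yes
max_file_size = 90
"""

# Keys whose values are expected to be filesystem paths. Assumption based on
# the key names in the pasted config; extend it for your own deployment.
PATH_KEYS = {"identifier", "definitions", "bin", "conf", "socket_file",
             "7zbin", "binary", "modules_path", "sigs_path", "ja3_path"}


def load_conf(text: str) -> configparser.ConfigParser:
    """Parse conf text. Interpolation is disabled so values containing '%'
    (for example URL-encoded strings) do not raise InterpolationSyntaxError."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def enabled_sections(cp: configparser.ConfigParser) -> List[str]:
    """Sections whose 'enabled' key is a true-ish value (yes/on/true/1)."""
    return [s for s in cp.sections() if cp.getboolean(s, "enabled", fallback=False)]


def missing_paths(cp: configparser.ConfigParser,
                  exists: Callable[[str], bool] = os.path.exists
                  ) -> List[Tuple[str, str, str]]:
    """(section, key, value) for path-type keys of enabled sections whose
    target does not exist. 'exists' is injectable so the check can be run
    against a fake filesystem in tests."""
    out = []
    for section in enabled_sections(cp):
        for key, value in cp.items(section):
            if key in PATH_KEYS and value and not exists(value):
                out.append((section, key, value))
    return out


def collapsed_lines(text: str) -> List[str]:
    """Lines carrying more than one 'key = value' pair, as produced when a
    conf is flattened by copy/paste. configparser would silently fold the
    extra pairs into the first key's value instead of erroring."""
    return [ln for ln in text.splitlines() if ln.count(" = ") > 1]


if __name__ == "__main__":
    conf = load_conf(SAMPLE_CONF)
    print("enabled:", ", ".join(enabled_sections(conf)))
    for section, key, value in missing_paths(conf):
        print(f"[{section}] {key} = {value}  <- path does not exist")
    for ln in collapsed_lines("[strings] enabled = yes on_demand = no minchars = 5"):
        print("collapsed line:", ln)
```

Run it against a real `conf/processing.conf` by replacing `SAMPLE_CONF` with the file's contents; a module that is enabled but points at a missing binary or socket (Suricata in socket mode is the usual offender) shows up immediately, which is the kind of configuration review the maintainer asked for above.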

doomedraven commented 2 months ago

any update here?

joser12345678 commented 2 months ago

Ah yes apologies, got wrapped up in work. Did a gitpull and it fixed things up. Got everything working now. Thank you so much!

doomedraven commented 2 months ago

cool, glad to hear that