Signature Conversion: Cuckoo 2.0

[kevross33]

Hi Brad,

Not really an issue but I don't know where to put this. Anyway I have started converting some of the signatures that I can do over to cuckoo 2.0. Obviously there are ones that can't be done without changes & ones I am not sure about how to convert but I figure if I get some out of the way then at least that gives some extra detections over & also makes it easier in that regard some of the work is done if anyone else wanted to look at taking stuff from cuckoo-modified over.

My questions are:

• Is all licensing ok to go over for the sigs with proper credit, GPL notifications etc OK? I have done some with explicitely specify this as part of GPL and I assume the result are but thought I better make sure. Here is an example of one I have done that was provided by Will (the rest were ones I had done myself, network document file, ransomware etc) https://github.com/cuckoosandbox/community/pull/81

There is also some with a header like this I was unsure about so have held back from looking at so are these ok too permission wise to go over

Copyright (C) 2014 Optiv, Inc. (brad.spengler@optiv.com)

This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org

See the file 'docs/LICENSE' for copying permission.

• Is there any intention for cuckoo-2.0 to be brought into cuckoo-modified or some of the high level concepts taken over or is the intention to maintain seperate projects at this point? If you are is there anything you would like me make sure I am doing to make life easier?
• If there is an intention of migrating some of the work over do you want me to maintain some kind of log about what I have done (again I will only be focusing on signatures that I can do)? If so how should i notify of that?

I intend to still do what I can wihin cuckoo-modified anyway for signatures and stuff and anything else in the future I can do as cuckoo-modified provides excellent detail but I am just also wanting to get the signatures I can over to cuckoo-2.0 as there useful things there too (as well as android and stuff) so just doing what I can to get stuff over so at the very least there are a few more extra sigs reporting if a user is doing an analysis in cuckoo 2.0.

[spender-sandbox]

Their community repo doesn't require their CLA (that allows them to resell your work to companies under proprietary licenses), so you're free to do whatever with the code.

-Brad

[kevross33]

OK great thanks. Hopefully this effort will be useful in general to the community if I can do what I can.