This is a script that defines custom ways of processing the analysis results from Cuckoo Sandbox. You can also create your own custom processing module. By default, the processing modules in Cuckoo Sandbox are as follows:
AnalysisInfo (modules/processing/analysisinfo.py): This module generates some basic information on the current analysis, such as timestamps, the version of Cuckoo, and so on.
BehaviorAnalysis (modules/processing/behavior.py): This module parses the raw behavioral logs and performs some initial transformations and interpretations, including the complete process tracing, a behavioral summary, and a process tree.
Debug (modules/processing/debug.py): This module includes errors and the analysis.log generated by the analyzer.
Dropped (modules/processing/dropped.py): This module includes information on the files dropped by the malware and dumped by Cuckoo.
NetworkAnalysis (modules/processing/network.py): This module parses the PCAP files and extracts network information, such...