Index
A
- analysis.conf file / Submitting a malware Word document
- analysis.log file / Submitting a malware Word document
- analysis directory
- structure / Submitting a malware Word document
- AnalysisInfo module / The processing module
- apt-get command / Install Python in Ubuntu
- apt-get command line / Creating a MAEC Report
- APT attack
- analyzing, Volatility used / Analyzing an APT attack using Cuckoo Sandbox, Volatility, and Yara
- analyzing, Cuckoo Sandbox used / Analyzing an APT attack using Cuckoo Sandbox, Volatility, and Yara
- analyzing, Yara used / Analyzing an APT attack using Cuckoo Sandbox, Volatility, and Yara
- Attached to drop-down menu / Submitting a malicious URL – http://youtibe.com
- author server / Malware analysis lab
- automated malware analysis
- implementing, drawback / Malware analysis lab
B
- .bashrc file / Analyzing an APT attack using Cuckoo Sandbox, Volatility, and Yara
- <basedir> / Automating e-mail attachments with Cuckoo MX
- BAT file / Submitting a malicious URL – http://ziti.cndesign.com/biaozi/fdc/page_07.htm
- BehaviorAnalysis module / The processing module
- Behaviour tab / Creating a built-in report in HTML format
- binary file / Submitting a malware Word document
- submitting / Submitting a binary file – Sality.G.exe
- Bokken
- about / Analyzing an APT attack using Cuckoo Sandbox, Volatility, and Yara
- running, from unity dashboard / Analyzing an APT attack using Cuckoo Sandbox, Volatility, and Yara
- bottlepy library / Install Python in Ubuntu
- built-in report
- creating, in HTML format / Creating a built-in report in HTML format
C
- Canari Framework
- command line options
- -h, --help / Starting Cuckoo
- -q, --quiet / Starting Cuckoo
- -d, --debug / Starting Cuckoo
- -v, --version / Starting Cuckoo
- -a, --artwork / Starting Cuckoo
- configuration files, Cuckoo Sandbox installation
- cuckoo.conf / cuckoo.conf
- <machinemanager>.conf / <machinemanager>.conf
- processing.conf / processing.conf
- reporting.conf / reporting.conf
- Continue button / Submitting a malware Word document, Submitting a malware Excel document – CVE-2011-0609_XLS-SWF-2011-03-08_crsenvironscan.xls
- Cuckoo / Malware analysis methodologies
- data report analysis, exporting from / Exporting data report analysis from Cuckoo to another format
- cuckoo.conf file / cuckoo.conf
- cuckooforcanari
- CuckooMon source code
- CuckooMX
- Cuckoo Sandbox
- about / Cuckoo Sandbox
- files / Cuckoo Sandbox
- results / Cuckoo Sandbox
- components / Cuckoo Sandbox
- installing / Installing Cuckoo Sandbox
- setting, in Host OS / Setting up Cuckoo Sandbox in the Host OS
- starting / Starting Cuckoo
- malware samples, submitting to / Submitting malware samples to Cuckoo Sandbox
- submission utility, examples / Submitting malware samples to Cuckoo Sandbox
- memory forensic, memory dump features used / Memory forensic using Cuckoo Sandbox – using memory dump features
- processing modules / The processing module
- default configurations, modifying / Analyzing an APT attack using Cuckoo Sandbox, Volatility, and Yara
- used, for analyzing APT attack / Analyzing an APT attack using Cuckoo Sandbox, Volatility, and Yara
- hardening, against VM detection / Hardening Cuckoo Sandbox against VM detection
- integrating, with Maltego project / Cuckooforcanari – integrating Cuckoo Sandbox with the Maltego project
- Maltego, installing / Installing Maltego
- Cuckoo Sandbox installation
- hardware requirements / Hardware requirements
- host OS, preparing / Preparing the host OS
- requirements / Requirements
- Python, installing in Ubuntu / Install Python in Ubuntu
- Guest OS, preparing / Preparing the Guest OS
- user, creating / Creating a user
- configuration files, configuring / Installing Cuckoo Sandbox
- Cuckoo Scanning
- e-mail attachments, automating with / Automating e-mail attachments with Cuckoo MX
- Cuckoo Version 0.5
D
- <db> / Automating e-mail attachments with Cuckoo MX
- data report analysis
- exporting, from Cuckoo to another format / Exporting data report analysis from Cuckoo to another format
- Debug module / The processing module
- Devices option / Setting up a shared folder between Host OS and Guest OS
- Download Cuckoo! button / Setting up Cuckoo Sandbox in the Host OS
- dpkt library / Install Python in Ubuntu
- Dropped Files section / Submitting a malicious URL – http://ziti.cndesign.com/biaozi/fdc/page_07.htm
- Dropped Files tab / Submitting a malware Excel document – CVE-2011-0609_XLS-SWF-2011-03-08_crsenvironscan.xls, Creating a built-in report in HTML format
- Dropped module / The processing module
- dump.pcap file / Submitting a malware Word document
- dynamic analysis / Malware analysis methodologies
E
- e-mail attachments
- automating, with Cuckoo Scanning / Automating e-mail attachments with Cuckoo MX
F
- files directory / Submitting a malware Word document
- File tab / Submitting a malware Word document, Creating a built-in report in HTML format
G
- <guest> / Automating e-mail attachments with Cuckoo MX
- gedit / Creating a MAEC Report
- Guest OS, preparing
- required specifications / Preparing the Guest OS
- network, configuring / Configuring the network
- shared folder, setting up between Host OS and Guest OS / Setting up a shared folder between Host OS and Guest OS
- guest addition, installing / Setting up a shared folder between Host OS and Guest OS
H
- Hosts Involved option / Submitting a malware Word document
- HTML format
- built-in report, creating / Creating a built-in report in HTML format
I
- IDA Pro
- Info tab / Creating a built-in report in HTML format
- installation, Volatility / Analyzing an APT attack using Cuckoo Sandbox, Volatility, and Yara
J
- jinja2 library / Install Python in Ubuntu
L
- libvirt library / Install Python in Ubuntu
- logs directory / Submitting a malware Word document
M
- <machinemanager>.conf file / <machinemanager>.conf
- MAEC
- URL / Creating a MAEC Report
- about / Creating a MAEC Report
- MAEC Report
- creating / Creating a MAEC Report
- magic library / Install Python in Ubuntu
- malicious URL
- submitting / Submitting a malicious URL – http://youtibe.com, Submitting a malicious URL – http://ziti.cndesign.com/biaozi/fdc/page_07.htm
- youtibe.com / Submitting a malicious URL – http://youtibe.com
- http://ziti.cndesign.com/biaozi/fdc/page_07.htm / Submitting a malicious URL – http://ziti.cndesign.com/biaozi/fdc/page_07.htm
- malicious URL, youtibe.com
- submitting / Submitting a malicious URL – http://youtibe.com
- Maltego
- installing / Installing Maltego
- Maltego project
- Cuckoo Sandbox, integrating with / Cuckooforcanari – integrating Cuckoo Sandbox with the Maltego project
- malware analysis
- methodologies / Malware analysis methodologies
- malware analysis, methodologies
- static analysis / Malware analysis methodologies
- dynamic analysis / Malware analysis methodologies
- malware analysis lab / Malware analysis lab
- malware Excel document
- CVE-2011-0609_XLS-SWF-2011-03-08_crsenvironscan.xls / Submitting a malware Excel document – CVE-2011-0609_XLS-SWF-2011-03-08_crsenvironscan.xls
- submitting / Submitting a malware Excel document – CVE-2011-0609_XLS-SWF-2011-03-08_crsenvironscan.xls
- malware PDF document
- aleppo_plan_cercs.pdf / Submitting a malware PDF document – aleppo_plan_cercs.pdf
- submitting / Submitting a malware PDF document – aleppo_plan_cercs.pdf
- malware samples
- submitting, to Cuckoo Sandbox / Submitting malware samples to Cuckoo Sandbox
- malware Word document
- submitting / Submitting a malware Word document
- McAfee antivirus / Submitting a malware PDF document – aleppo_plan_cercs.pdf
- memory.dmp file / Submitting a malware Word document
- memory forensic
- Cuckoo Sandbox, using / Memory forensic using Cuckoo Sandbox – using memory dump features
- Volatility, using / Additional memory forensic using Volatility, Using Volatility
N
- NetworkAnalysis module / The processing module
- Network section / Submitting a malicious URL – http://youtibe.com
- Network tab / Submitting a malware Word document, Creating a built-in report in HTML format
O
- optional arguments
- --help / Submitting malware samples to Cuckoo Sandbox
- --url / Submitting malware samples to Cuckoo Sandbox
- --package PACKAGE / Submitting malware samples to Cuckoo Sandbox
- --custom CUSTOM / Submitting malware samples to Cuckoo Sandbox
- --timeout TIMEOUT / Submitting malware samples to Cuckoo Sandbox
- --options OPTIONS / Submitting malware samples to Cuckoo Sandbox
- --priority PRIORITY / Submitting malware samples to Cuckoo Sandbox
- --machine MACHINE / Submitting malware samples to Cuckoo Sandbox
- --platform PLATFORM / Submitting malware samples to Cuckoo Sandbox
- --memory / Submitting malware samples to Cuckoo Sandbox
- --enforce-timeout / Submitting malware samples to Cuckoo Sandbox
- OSINT
P
- Pafish
- Paterva
- pefile library / Install Python in Ubuntu
- PIL (Python Imaging Library) / Setting up a shared folder between Host OS and Guest OS
- Pip tool / Install Python in Ubuntu
- positional argument
- Processes section / Submitting a binary file – Sality.G.exe, Memory forensic using Cuckoo Sandbox – using memory dump features
- processing.conf file / processing.conf
- processing modules, Cuckoo Sandbox
- about / The processing module
- AnalysisInfo / The processing module
- BehaviorAnalysis / The processing module
- Debug / The processing module
- Dropped / The processing module
- NetworkAnalysis / The processing module
- StaticAnalysis / The processing module
- Strings / The processing module
- TargetInfo / The processing module
- VirusTotal / The processing module
- pydeep library / Install Python in Ubuntu
- Pyew
- pymongo library / Install Python in Ubuntu
- Python-PDFKit
- Python Functions utility / Submitting malware samples to Cuckoo Sandbox
R
- Radare
- report.html file / Submitting a malware Word document
- Report class / Exporting data report analysis from Cuckoo to another format
- reporting.conf file / reporting.conf
- reports directory / Submitting a malware Word document
- REST API utility / Submitting malware samples to Cuckoo Sandbox
- run() function / Exporting data report analysis from Cuckoo to another format
S
- <sendmailpath> / Automating e-mail attachments with Cuckoo MX
- Sality / Submitting a binary file – Sality.G.exe
- Sality.G.exe, binary file
- submitting / Submitting a binary file – Sality.G.exe
- Sality.G.exe screenshot / Submitting a binary file – Sality.G.exe
- sandboxing
- about / Basic theory in Sandboxing
- screenshots tab / Creating a built-in report in HTML format
- self.analysis_path attribute / Exporting data report analysis from Cuckoo to another format
- self.conf_path attribute / Exporting data report analysis from Cuckoo to another format
- self.options attribute / Exporting data report analysis from Cuckoo to another format
- self.reports_path attribute / Exporting data report analysis from Cuckoo to another format
- Settings option / Configuring the network
- shellcode
- shots directory / Submitting a malware Word document
- signatures tab / Creating a built-in report in HTML format
- snapshot / Malware analysis lab
- ssdeep library / Install Python in Ubuntu
- static analysis / Malware analysis methodologies
- StaticAnalysis module / The processing module
- Static Analysis section / Submitting a binary file – Sality.G.exe
- static analysis tab / Creating a built-in report in HTML format
- Strings module / The processing module
- submit.py utility / Submitting malware samples to Cuckoo Sandbox
- Success message / Submitting a malware Word document, Submitting a malware PDF document – aleppo_plan_cercs.pdf, Submitting a malware Excel document – CVE-2011-0609_XLS-SWF-2011-03-08_crsenvironscan.xls, Submitting a malicious URL – http://youtibe.com, Submitting a malicious URL – http://ziti.cndesign.com/biaozi/fdc/page_07.htm, Submitting a binary file – Sality.G.exe, Memory forensic using Cuckoo Sandbox – using memory dump features
T
- Take Snapshot button / Starting Cuckoo
- TargetInfo module / The processing module
- Terminal tab / Submitting a malware PDF document – aleppo_plan_cercs.pdf, Submitting a malware Excel document – CVE-2011-0609_XLS-SWF-2011-03-08_crsenvironscan.xls
- TreeLine
- installing / Creating a MAEC Report
V
- virtualbox.conf file / Submitting a malicious URL – http://youtibe.com
- VirusTotal module / The processing module, Analyzing an APT attack using Cuckoo Sandbox, Volatility, and Yara
- VirusTotal section / Submitting a malware PDF document – aleppo_plan_cercs.pdf, Submitting a malware Excel document – CVE-2011-0609_XLS-SWF-2011-03-08_crsenvironscan.xls, Submitting a binary file – Sality.G.exe, Memory forensic using Cuckoo Sandbox – using memory dump features
- Volatility
- about / Memory forensic using Cuckoo Sandbox – using memory dump features
- used, for memory forensic / Additional memory forensic using Volatility, Using Volatility
- using, steps / Using Volatility
- installing / Analyzing an APT attack using Cuckoo Sandbox, Volatility, and Yara
- used, for analyzing APT attack / Analyzing an APT attack using Cuckoo Sandbox, Volatility, and Yara
- Volatility Framework tool / Additional memory forensic using Volatility
W
- Wireshark packet analyzer / Submitting a malware Word document
- wkhtmltopdf
X
- Xavier Mertens
Y
- Yara
- used, for analyzing APT attack / Analyzing an APT attack using Cuckoo Sandbox, Volatility, and Yara
- yara library / Install Python in Ubuntu
- yara python library / Install Python in Ubuntu
- Yara rule