[panda-users] Plugin to get system calls similar to Cuckoo's behavioral analysis

Brendan Dolan-Gavitt brendandg at gatech.edu
Tue Jun 9 20:24:05 EDT 2015


Hi,

We have done some work on the underlying system call interception
you'd need for such a system; see the syscalls2 plugin.

Some of that has further been encapsulated into the win7proc plugin,
which logs specific system calls and their arguments to track process
creation/exit, registry key access, file access, and a few others. It
produces reports in the pandalog format, which is documented here:

https://github.com/moyix/panda/blob/master/docs/pandalog.md

At the moment, though, there's no plugin that provides as much
information as you'd get from Cuckoo. It's definitely something we'd
love to see though! The win7proc plugin may provide a good starting
point if you want to build such a thing.

-Brendan
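To make the reply concrete, here is an added example (not code from the PANDA project, from the win7proc plugin, or from the thread) of the post-processing step that turns a stream of logged system calls into the Cuckoo-style, per-process behavioral summary the question asks for. The event records are constructed for this example and do not follow the real pandalog encoding documented at the URL above; the syscall names used as keys are assumptions, and `load_events()` is a stand-in for a reader of whatever log format you actually produce.

```python
"""Group logged Windows system calls into a Cuckoo-style behavioral report.

Added example, not PANDA or win7proc code. Event records are constructed
dicts resembling what a win7proc-style logger records (process
create/exit, file access, registry key access); they are NOT the
pandalog protobuf format. Swap load_events() for a real reader.
"""
from collections import defaultdict

# Which syscalls carry which kind of behavior (assumed names for this example).
PROCESS_CREATE = {"NtCreateUserProcess"}
PROCESS_EXIT = {"NtTerminateProcess"}
FILE_SYSCALLS = {"NtCreateFile", "NtOpenFile", "NtWriteFile", "NtDeleteFile"}
REGISTRY_SYSCALLS = {"NtOpenKey", "NtCreateKey", "NtSetValueKey", "NtQueryValueKey"}

# Constructed sample: explorer (pid 500) launches the sample (pid 1000), which
# reads a Run key, drops a file, launches it (pid 1100), and exits.
SAMPLE_EVENTS = [
    {"pid": 500, "syscall": "NtCreateUserProcess",
     "args": {"new_pid": 1000, "image": r"C:\Users\u\sample.exe"}},
    {"pid": 1000, "syscall": "NtOpenKey",
     "args": {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"}},
    {"pid": 1000, "syscall": "NtCreateFile",
     "args": {"path": r"C:\Users\u\AppData\Local\Temp\drop.exe", "access": "write"}},
    {"pid": 1000, "syscall": "NtCreateUserProcess",
     "args": {"new_pid": 1100, "image": r"C:\Users\u\AppData\Local\Temp\drop.exe"}},
    {"pid": 1100, "syscall": "NtSetValueKey",
     "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "drop"}},
    {"pid": 1100, "syscall": "NtOpenFile",
     "args": {"path": r"C:\Windows\System32\kernel32.dll", "access": "read"}},
    # Activity from an unrelated process; must not show up in the report.
    {"pid": 500, "syscall": "NtOpenFile",
     "args": {"path": r"C:\Windows\explorer.exe", "access": "read"}},
    {"pid": 1000, "syscall": "NtTerminateProcess", "args": {"target_pid": 1000}},
]


def load_events():
    """Stand-in for a reader of your own log format; returns the constructed sample."""
    return SAMPLE_EVENTS


def _new_proc(image, parent):
    return {"image": image, "parent": parent, "children": [],
            "files": set(), "registry": set(),
            "syscalls": defaultdict(int), "exited": False}


def build_report(events, root_pid):
    """Keep only root_pid and its descendants (the way Cuckoo scopes its
    report to the sample and the processes it spawns) and collect, per
    process, the files and registry keys touched and a syscall histogram."""
    procs = {root_pid: _new_proc(None, None)}
    for ev in events:
        pid, name, args = ev["pid"], ev["syscall"], ev["args"]
        if name in PROCESS_CREATE and args["new_pid"] == root_pid:
            # The sample itself being launched by an untracked parent.
            procs[root_pid]["image"] = args.get("image")
            procs[root_pid]["parent"] = pid
            continue
        if pid not in procs:
            continue  # noise from processes outside the sample's tree
        procs[pid]["syscalls"][name] += 1
        if name in PROCESS_CREATE:
            # A child is tracked only because its parent already is.
            child = args["new_pid"]
            procs[child] = _new_proc(args.get("image"), pid)
            procs[pid]["children"].append(child)
        elif name in FILE_SYSCALLS:
            procs[pid]["files"].add(args["path"])
        elif name in REGISTRY_SYSCALLS:
            procs[pid]["registry"].add(args["key"])
        elif name in PROCESS_EXIT:
            target = args.get("target_pid", pid)
            if target in procs:
                procs[target]["exited"] = True
    return procs


def format_tree(report, pid, depth=0):
    """Render the process tree as indented text, one line per process."""
    p = report[pid]
    line = "%s%d %s%s" % ("  " * depth, pid, p["image"] or "?",
                           " (exited)" if p["exited"] else "")
    lines = [line]
    for child in p["children"]:
        lines.extend(format_tree(report, child, depth + 1))
    return lines


if __name__ == "__main__":
    report = build_report(load_events(), root_pid=1000)
    print("\n".join(format_tree(report, 1000)))
    for pid, p in sorted(report.items()):
        print("pid %d: files=%s registry=%s syscalls=%s" % (
            pid, sorted(p["files"]), sorted(p["registry"]), dict(p["syscalls"])))
```

The scoping rule is the part that matters: a process enters the report only when its creator is already in it, so the sample's descendants are followed to any depth while unrelated activity from the same replay (explorer, services) is dropped, which is what makes the output comparable to Cuckoo's per-sample view rather than a whole-system trace.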

On Tue, Jun 9, 2015 at 5:16 PM, Miller, Cody <miller at dasi.msstate.edu> wrote:
> Hello,
>
> Cuckoo Sandbox is able to generate a report for system calls for the sample
> and any additional processes started by that sample. Has any work been done
> to accomplish this using a PANDA replay?
>
> An example of the type of information I am seeking from PANDA (in the
> Behavioral Analysis tab):
> https://malwr.com/analysis/ODlkMGJlZTI1OWU0NGI1Y2E0M2MxMDdmMDAyNjMxMzU/
>
> Thanks,
>
> Cody
>
> _______________________________________________
> panda-users mailing list
> panda-users at mit.edu
> http://mailman.mit.edu/mailman/listinfo/panda-users
>