[panda-users] Plugin to get system calls similar to Cuckoo's behavioral analysis
Miller, Cody
miller at dasi.msstate.edu
Wed Jun 10 18:24:33 EDT 2015
Brendan,
Thanks for the information. I'll look into it and see what I can come up with.
Thanks,
Cody
-----Original Message-----
From: mooyix at gmail.com [mailto:mooyix at gmail.com] On Behalf Of Brendan Dolan-Gavitt
Sent: Tuesday, June 09, 2015 7:24 PM
To: Miller, Cody
Cc: panda-users at mit.edu
Subject: Re: [panda-users] Plugin to get system calls similar to Cuckoo's behavioral analysis
Hi,
We have done some work on the underlying system call interception you'd need for such a system; see the syscalls2 plugin.
Some of that has further been encapsulated into the win7proc plugin, which logs specific system calls and their arguments to track process creation/exit, registry key access, file access, and a few others. It produces reports in the pandalog format, which is documented here:
https://github.com/moyix/panda/blob/master/docs/pandalog.md
At the moment, though, there's no plugin that provides as much information as you'd get from Cuckoo. It's definitely something we'd love to see though! The win7proc plugin may provide a good starting point if you want to build such a thing.
-Brendan
On Tue, Jun 9, 2015 at 5:16 PM, Miller, Cody <miller at dasi.msstate.edu> wrote:
> Hello,
>
> Cuckoo Sandbox is able to generate a report for system calls for the
> sample and any additional processes started by that sample. Has any
> work been done to accomplish this using a PANDA replay?
>
> An example of the type of information I am seeking from PANDA (in the
> Behavioral Analysis tab):
> https://malwr.com/analysis/ODlkMGJlZTI1OWU0NGI1Y2E0M2MxMDdmMDAyNjMxMzU/
>
> Thanks,
>
> Cody
>
> _______________________________________________
> panda-users mailing list
> panda-users at mit.edu
> http://mailman.mit.edu/mailman/listinfo/panda-users
>
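Brendan's reply describes the pipeline that such a report would need: syscalls2 intercepts the calls, a win7proc-style plugin records the interesting ones (process creation/exit, registry, file access) with their arguments, and something downstream has to turn those flat records into the per-process listing Cuckoo shows, including the processes the sample spawned. The code below is an added example of that last step; it is not PANDA, syscalls2 or win7proc code and was not written by anyone on this thread. It assumes a whitespace-separated text trace (one record per line: timestamp, pid, ppid, image, syscall, key=value arguments) as a stand-in for the real protobuf-based pandalog, and the argument names `new_pid`, `name` and `key` are my own choices. The trace it runs on is constructed, not captured from a replay.

```python
"""Build a Cuckoo-style per-process behavioral summary from a syscall trace.

Added example, not PANDA/win7proc code. Input is a simple text trace:

    <ts> <pid> <ppid> <image> <syscall> [key=value ...]

Arguments must contain no whitespace (str.split is used on purpose so
Windows paths with backslashes survive untouched). The real pandalog is
protobuf-based; mapping its messages onto these records is not done here.
"""

# Syscall families the report cares about (assumed names, Windows NT API).
CREATE_APIS = {"NtCreateUserProcess", "NtCreateProcess", "NtCreateProcessEx"}
FILE_APIS = {"NtCreateFile", "NtOpenFile"}
REG_APIS = {"NtOpenKey", "NtCreateKey", "NtSetValueKey", "NtDeleteValueKey"}

# Constructed sample trace: sample.exe (pid 1000) drops and runs upd.exe
# (pid 1200), which sets a Run key and spawns cmd.exe (pid 1300).
# explorer.exe (pid 1500) is unrelated and must stay out of the report.
SAMPLE_TRACE = r"""
1 1000 800 sample.exe NtCreateFile name=C:\Users\bob\AppData\upd.exe access=GENERIC_WRITE
2 1000 800 sample.exe NtWriteFile handle=0x1c length=40960
3 1000 800 sample.exe NtCreateUserProcess image=C:\Users\bob\AppData\upd.exe new_pid=1200
4 1500 800 explorer.exe NtOpenFile name=C:\Windows\explorer.exe access=GENERIC_READ
5 1200 1000 upd.exe NtOpenKey key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
6 1200 1000 upd.exe NtSetValueKey key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run value=Updater
7 1200 1000 upd.exe NtCreateUserProcess image=C:\Windows\System32\cmd.exe new_pid=1300
8 1300 1200 cmd.exe NtOpenFile name=C:\Windows\System32\cmd.exe access=GENERIC_READ
9 1000 800 sample.exe NtTerminateProcess pid=1000
"""


def parse_trace(text):
    """Parse the trace into event dicts; blank or malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        ts, pid, ppid, image, api = fields[:5]
        args = dict(token.partition("=")[::2] for token in fields[5:])
        events.append({"ts": int(ts), "pid": int(pid), "ppid": int(ppid),
                       "image": image, "api": api, "args": args})
    return events


def sample_process_set(events, root_pid):
    """Return the root pid plus every descendant seen in the trace.

    Children are found two ways: creation calls that report the new pid,
    and records whose ppid is already a member (catches a child whose
    creation happened before logging started). Iterates to a fixed point,
    so the order of records in the trace does not matter. Caveat: pids are
    assumed unique for the whole trace; a real tool must handle pid reuse.
    """
    members = {root_pid}
    changed = True
    while changed:
        changed = False
        for ev in events:
            child = None
            if ev["pid"] in members and ev["api"] in CREATE_APIS and "new_pid" in ev["args"]:
                child = int(ev["args"]["new_pid"])
            elif ev["ppid"] in members:
                child = ev["pid"]
            if child is not None and child not in members:
                members.add(child)
                changed = True
    return members


def behavioral_report(events, root_pid):
    """Group the sample's calls by process (Cuckoo 'Behavioral Analysis' style)
    and collect the files and registry keys it touched."""
    pids = sample_process_set(events, root_pid)
    procs, files, keys = {}, set(), set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["pid"] not in pids:
            continue  # activity of a process outside the sample's tree
        proc = procs.setdefault(ev["pid"], {"pid": ev["pid"], "parent": ev["ppid"],
                                            "image": ev["image"], "calls": []})
        proc["calls"].append({"ts": ev["ts"], "api": ev["api"], "args": ev["args"]})
        if ev["api"] in FILE_APIS and "name" in ev["args"]:
            files.add(ev["args"]["name"])
        if ev["api"] in REG_APIS and "key" in ev["args"]:
            keys.add(ev["args"]["key"])
    return {"processes": [procs[p] for p in sorted(procs)],
            "files": sorted(files), "registry": sorted(keys)}


if __name__ == "__main__":
    report = behavioral_report(parse_trace(SAMPLE_TRACE), root_pid=1000)
    for proc in report["processes"]:
        print(f"{proc['image']} (pid {proc['pid']}, parent {proc['parent']})")
        for call in proc["calls"]:
            print(f"  {call['ts']:>3} {call['api']} {call['args']}")
    print("files:", report["files"])
    print("registry:", report["registry"])
```

Run as-is it prints the three processes in the sample's tree with their calls in replay order, and leaves explorer.exe out even though it was active at the same time. The ppid fallback is what makes this robust to starting the log partway through a replay; the thing it deliberately does not solve is pid reuse, which is why a plugin working from the guest's own process structures would key on (pid, creation time) rather than on pid alone.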