home

The overarching goal of this project is to create support for analyzing Mac OS X files in the Cuckoo Sandbox (http://cuckoosandbox.org/). When this was done in the summer of 2014, Cuckoo had no analysis capabilities on Mac, but it could be installed on a host Mac. The main scope of the project was to add in a darwin analyzer to work with the existing framework.

Instructions

• How to Set Up Cuckoo
• How to Set Up a VM
• How to Use Cuckoo

Documentation on the Cuckoo Code

• The Cuckoo Analyzer
• Processing Modules
• Bugs
• Future Work

Helpful Links

The FireEye Blog - for malware analysis examples
reverse.put.as - good info on reverse engineering OS X
Contagio - for malware samples

All Added/Changed Files

A complete list of everything added to Cuckoo.

• Everything in and including the cuckoo-master/analyzer/darwin/ folder
• Processing modules in cuckoo-master/modules/processing/:
  • behavior_osx.py
  • filter_syscall.py
  • static_macho.py
  • macho_data.py

Copyright (2014) Sandia Corporation. Under the terms of Contract DE-AC04-94AL85000, there is a non-exclusive license for use of this work by or on behalf of the U.S. Government.

NOTICE: For five (5) years from the United States Government is granted for itself and others acting on its behalf a paid-up, nonexclusive, irrevocable worldwide license in this data to reproduce, prepare derivative works, and perform publicly and display publicly, by or on behalf of the Government. There is provision for the possible extension of the term of this license. Subsequent to that period or any extension granted, the United States Government is granted for itself and others acting on its behalf a paid-up, nonexclusive, irrevocable worldwide license in this data to reproduce, prepare derivative works, distribute copies to the public, perform publicly and display publicly, and to permit others to do so. The specific term of the license can be identified by inquiry made to Sandia Corporation or DOE. NEITHER THE UNITED STATES GOVERNMENT, NOR THE UNITED STATES DEPARTMENT OF ENERGY, NOR SANDIA CORPORATION, NOR ANY OF THEIR EMPLOYEES, MAKES ANY WARRANTY, EXPRESS OR IMPLIED, OR ASSUMES ANY LEGAL RESPONSIBILITY FOR THE ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION, APPARATUS, PRODUCT, OR PROCESS DISCLOSED, OR REPRESENTS THAT ITS USE WOULD NOT INFRINGE PRIVATELY OWNED RIGHTS. Any licensee of this software has the obligation and responsibility to abide by the applicable export control laws, regulations, and general prohibitions relating to the export of technical data. Failure to obtain an export control license or other authority from the Government may result in criminal liability under U.S. laws.