Cuckoo Sandbox - malware beware [SIGINT13]by Mark Schloesser, Nex and skier_ via SIGINT 2013

Cuckoo Sandbox is a widely used open-source project for automated dynamic malware analysis. It takes malicious documents or URLs as input and provides both high-level overview reports as well as detailed API call traces of the activities observed inside a virtual machine. The project was founded by Claudio Guarnieri and is mainly developed by four developers in their free time and during weekends.

Cuckoo Sandbox distinguishes from other solutions thanks to its modular design and flexible customization features. Because of this unique emphasis several large IT corporations and security companies run Cuckoo Sandbox to analyze malware samples on a daily basis and it’s often placed alongside with traditional perimeter security products as an added weapon to incident response and security teams’ arsenals. Being open-source, it also empowers independent and academic security researchers to use a full-fledged malware analysis sandbox freely.

For the latest available version we saw more than 8000 downloads and a few hundred constantly running deployments with enabled update-checks. This community also contributes to the project in various forms such as setup instructions, code contributions, behavioral signatures, feature requests and usability feedback and is actively engaged in conversations over mailing lists and IRC.

Published 15 March 2015