Created
January 5, 2019 07:28
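List of Cuckoo Sandbox 2.0 signature names and their categories. The signatures are taken from https://github.com/cuckoosandbox/community/tree/2.0/modules/signatures as of January 5, 2019. The category values in the table are not normalized: some are empty (`['']`), some differ only in case or spelling (e.g. `'Banking'` / `'banking'`, `'anonimity'`), and a few signature names appear twice (`fakeav_mutexes`, `trojan_jorik`), so normalize and de-duplicate before filtering or counting by category.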
name | categories | |
---|---|---|
alina_pos_file | ['pos'] | |
alina_pos_url | ['pos'] | |
allocates_rwx | ['unpacking'] | |
android_antivirus_virustotal | ['antivirus'] | |
android_dangerous_permissions | ['android'] | |
android_dynamic_code | ['android'] | |
android_embedded_apk | ['android'] | |
android_google_play_diff | ['android'] | |
android_native_code | ['android'] | |
android_reflection_code | ['android'] | |
andromeda | ['rat'] | |
antidbg_devices | ['anti-debug'] | |
antidbg_windows | ['anti-debug'] | |
antiemu_wine | ['anti-emulation'] | |
antisandbox_file | ['anti-sandbox'] | |
antisandbox_foregroundwindows | ['anti-sandbox'] | |
antisandbox_idletime | ['anti-sandbox'] | |
antisandbox_mouse_hook | ['hooking', 'anti-sandbox'] | |
antisandbox_sleep | ['anti-sandbox'] | |
antisandbox_sunbelt | ['anti-vm'] | |
antisandbox_unhook | ['anti-sandbox'] | |
antivirus_virustotal | ['antivirus'] | |
antivm_firmware | ['anti-vm'] | |
antivm_generic_bios | ['anti-vm'] | |
antivm_generic_disk | ['anti-vm'] | |
antivm_generic_ide | ['anti-vm'] | |
antivm_generic_scsi | ['anti-vm'] | |
antivm_generic_services | ['anti-vm'] | |
antivm_sandboxie | ['anti-vm'] | |
antivm_vbox_acpi | ['anti-vm'] | |
antivm_vbox_devices | ['anti-vm'] | |
antivm_vbox_files | ['anti-vm'] | |
antivm_vbox_keys | ['anti-vm'] | |
antivm_vbox_window | ['anti-vm'] | |
antivm_virtualpc | ['anti-vm'] | |
antivm_virtualpc_illegal_instruction | ['anti-vm'] | |
antivm_vmware_files | ['anti-vm'] | |
antivm_vmware_in_instruction | ['anti-vm'] | |
antivm_vmware_keys | ['anti-vm'] | |
application_aborted_broadcast_receiver | ['android'] | |
application_deleted_app | ['android'] | |
application_executed_shell_command | ['android'] | |
application_installed_app | ['android'] | |
application_queried_account_info | ['android'] | |
application_queried_installed_apps | ['android'] | |
application_queried_phone_number | ['android'] | |
application_queried_private_information | ['android'] | |
application_recording_audio | ['android'] | |
application_registered_receiver_runtime | ['android'] | |
application_sent_sms_messages | ['android'] | |
application_stopped_processes | ['android'] | |
application_uses_location | ['android'] | |
application_using_the_camera | ['android'] | |
apt_carbunak | ['apt'] | |
apt_cloudatlas | ['apt'] | |
apt_inception | ['apt'] | |
apt_sandworm_ip | ['apt'] | |
apt_sandworm_url | ['apt'] | |
apt_turlacarbon | ['apt'] | |
ardamax_mutexes | ['keylogger'] | |
athena_url | ['athena'] | |
av_detect_china_key | ['avdetect'] | |
backdoor_tdss | ['backdoor'] | |
backdoor_vanbot | ['backdoor'] | |
backdoor_whimoo | ['backdoor'] | |
bad_certificate | [''] | |
bagle | ['worm'] | |
bandook | ['rat'] | |
banker_bancos | ['trojan'] | |
banker_cridex | ['Banking', 'Trojan'] | |
banker_prinimalka | ['banker'] | |
banker_spyeye_mutexes | ['banker'] | |
banker_spyeye_url | ['banker'] | |
banker_tinba_mutexes | ['rat'] | |
banker_zeus_mutex | ['banker'] | |
banker_zeus_p2p | ['banker'] | |
banker_zeus_url | ['banker'] | |
banking_mutexes | ['banking'] | |
banload | ['trojan'] | |
begseabugtd_mutexes | ['trojandl'] | |
betabot_url | ['betabot'] | |
bitcoin_opencl | ['bitcoin'] | |
blackenergy_mutexes | ['rootkit'] | |
blackpos_url | ['blackpos'] | |
bladabindi_mutexes | ['rat'] | |
bot_athenahttp | ['bot', 'ddos'] | |
bot_dirtjumper | ['bot', 'ddos'] | |
bot_drive | ['bot', 'ddos'] | |
bot_drive2 | ['bot', 'ddos'] | |
bot_madness | ['bot', 'ddos'] | |
bot_russkill | ['bot', 'ddos'] | |
bot_vnloader_url | ['bot'] | |
bozok_key | ['rat'] | |
btc | ['rat'] | |
bypass_firewall | ['bypass'] | |
c24_url | ['C24 Stealer'] | |
carberp_mutex | ['banker', 'trojan', 'rootkit'] | |
chanitor_mutexes | ['ransom'] | |
cloud_dropbox | ['cloud'] | |
cloud_google | ['cloud'] | |
cloud_mediafire | ['cloud'] | |
cloud_mega | ['cloud'] | |
cloud_rapidshare | ['recon'] | |
cloud_wetransfer | ['cloud'] | |
Cloudflare | ['Cloudflare'] | |
coinminer_mutexes | ['trojan'] | |
creates_doc | ['generic'] | |
creates_exe | ['generic'] | |
creates_service | ['service'] | |
cryptlocker | ['rat'] | |
cybergate | ['rat'] | |
darkcloud | ['rat'] | |
darwin_code_injection | ['injection'] | |
ddos_blackrev_mutexes | ['ddos'] | |
ddos_darkddos_mutexes | ['ddos'] | |
ddos_eclipse_mutexes | ['ddos'] | |
ddos_ipkiller_mutexes | ['ddos'] | |
ddos556 | ['rat'] | |
dead_host | ['network'] | |
decay | ['rat'] | |
decebal_mutexes | ['pos'] | |
detect_putty | ['ssh'] | |
dexter | ['pos'] | |
disables_security | ['anti-av'] | |
dns_freehosting_domain | ['freehosting'] | |
dns_tld_by | ['tldwatch'] | |
dns_tld_cc | ['tldwatch'] | |
dns_tld_onion | ['tldwatch'] | |
dns_tld_pw | ['tldwatch'] | |
dns_tld_ru | ['tldwatch'] | |
dns_tld_su | ['tldwatch'] | |
dnsserver_dynamic | ['dns'] | |
dofoil | ['virus'] | |
downloader_cabby | ['downloader'] | |
dumped_buffer | [''] | |
dumped_buffer2 | [''] | |
dyreza | ['banking'] | |
encryption_keys | [''] | |
eval_js | ['unpacking'] | |
evilbot | ['rat'] | |
exec_crash | ['execution', 'crash'] | |
exp_3322_dom | ['expdom'] | |
expiro | ['rat'] | |
exploit_blackhole_url | ['exploit'] | |
exploitkit_mutexes | ['exploit'] | |
fakeav_mutexes | ['rat'] | |
fakeav_mutexes | ['rat'] | |
farfli | ['rat'] | |
fesber_mutexes | ['worm'] | |
fraudtool_fakerean | ['fraudtool'] | |
gaelicum | ['worm'] | |
ghostbot | ['rat'] | |
has_authenticode | [''] | |
has_pdb | [''] | |
has_wmi | [''] | |
hesperbot | ['rat'] | |
icepoint | ['rat'] | |
im_btb | ['im'] | |
im_qq | ['im'] | |
infinity | ['rat'] | |
infostealer_browser | ['infostealer'] | |
infostealer_derusbi_files | ['infostealer'] | |
infostealer_ftp | ['infostealer'] | |
infostealer_keylogger | ['generic'] | |
infostealer_mail | ['infostealer'] | |
injection_runpe | ['injection'] | |
injection_thread | ['injection'] | |
installs_appinit | ['persistence'] | |
installs_bho | ['browser'] | |
ircbrute | ['rat'] | |
isrstealer_url | ['isrstealer'] | |
istealer_url | ['istealer'] | |
jackpos_file | ['pos'] | |
jackpos_url | ['jackpos'] | |
jeefo_mutexes | ['virus'] | |
jintor_mutexes | ['keylogger'] | |
karagany | ['rat'] | |
karakum | ['rat'] | |
katusha | ['rat'] | |
killdisk | ['trojan'] | |
koobface | ['rat'] | |
krepper_mutexes | ['worm'] | |
kuluoz_mutexes | ['rat'] | |
locates_browser | [''] | |
locates_sniffer | [''] | |
locker_cmd | ['locker'] | |
locker_regedit | ['locker'] | |
locker_taskmgr | ['locker'] | |
luder | ['rat'] | |
madness_url | ['madness'] | |
magania_mutexes | ['rat'] | |
memdump_urls | ['unpacking'] | |
minerbot | ['rat'] | |
miningpool | ['mining'] | |
mirc_file | ['tool'] | |
modifies_files | [''] | |
mutex_winscp | ['filetransfer'] | |
nakbot | ['rat'] | |
netshadow | ['rat'] | |
netwire | ['rat'] | |
network_bind | ['bind'] | |
network_http | ['http'] | |
network_icmp | ['icmp'] | |
network_irc | ['irc'] | |
network_smtp | ['smtp', 'spam'] | |
network_tor | ['network', 'anonimity', 'tor'] | |
network_tor_service | ['network', 'anonimity', 'tor'] | |
network_tor2web | ['network'] | |
networkdyndns_checkip | ['dyndns'] | |
nitol | ['rat'] | |
njrat | ['rat'] | |
obfus_mutexes | ['trojan'] | |
oldrea | ['rat'] | |
origin_langid | ['origin'] | |
packer_entropy | ['packer'] | |
packer_polymorphic | ['packer'] | |
packer_upx | ['packer'] | |
packer_vmprotect | ['packer'] | |
pe_features | ['packer'] | |
perflogger | ['keylogger'] | |
persistence_ads | ['persistence', 'ads'] | |
persistence_autorun | ['persistence'] | |
pidief | ['trojan'] | |
poebot | ['rat'] | |
poisonivy | ['rat'] | |
ponfoy | ['rat'] | |
ponybot_url | ['ponybot'] | |
pos_poscardstealer_url | ['pos'] | |
puce_mutexes | ['worm'] | |
putterpanda_mutexes | ['rat'] | |
pwdump_file | ['hacktool'] | |
qakbot | ['rat'] | |
ragebot | ['rat'] | |
raises_exception | [''] | |
ramnit | ['rat'] | |
ransomware_bcdedit | ['ransomware'] | |
ransomware_files | ['ransomware'] | |
rat_adzok | ['rat'] | |
rat_beastdoor | ['rat'] | |
rat_beebus_mutexes | ['rat'] | |
rat_bifrose | ['rat'] | |
rat_blackhole | ['rat'] | |
rat_blackice | ['rat'] | |
rat_blackshades | ['rat'] | |
rat_bottilda | ['rat'] | |
rat_buzus_mutexes | ['rat'] | |
rat_comRAT | ['APT', 'RAT'] | |
rat_darkshell | ['rat'] | |
rat_delf | ['trojan'] | |
rat_dibik | ['rat'] | |
rat_fexel_ip | ['rat'] | |
rat_flystudio | ['rat'] | |
rat_fynloski | ['rat'] | |
rat_hikit | ['rat'] | |
rat_hupigon | ['rat'] | |
rat_jewdo | ['rat'] | |
rat_koutodoor | ['rat'] | |
rat_likseput | ['rat'] | |
rat_lolbot | ['backdoor'] | |
rat_madness | ['rat'] | |
rat_mybot | ['rat'] | |
rat_naid_ip | ['rat'] | |
rat_netobserve | ['rat'] | |
rat_pasta | ['rat'] | |
rat_pcclient | ['rat'] | |
rat_plugx | ['rat'] | |
rat_rbot | ['rat'] | |
rat_sdbot | ['backdoor'] | |
rat_shadowbot | ['rat'] | |
rat_siggenflystudio | ['rat'] | |
rat_spynet | ['rat'] | |
rat_swrort | ['rat'] | |
rat_teamviewer | ['rat'] | |
rat_travnet | ['rat'] | |
rat_trogbot | ['rat'] | |
rat_turkojan | ['rat'] | |
rat_urxbot | ['rat'] | |
rat_vertex | ['rat'] | |
rat_xtreme | ['rat'] | |
rat_zegost | ['rat'] | |
rdp_mutexes | ['rat'] | |
recon_checkip | ['recon'] | |
recon_fingerprint | ['recon'] | |
recon_systeminfo | ['recon'] | |
renostrojan | ['trojan'] | |
rovnix | ['banker', 'trojan'] | |
runouce_mutexes | ['worm'] | |
sadbot | ['rat'] | |
self_delete_bat | ['trojan'] | |
senna | ['rat'] | |
sharing_rghost | ['filesharing'] | |
sharpstealer_url | ['sharpstealer'] | |
shiza | ['rat'] | |
shutdown_system | ['anti-sandbox'] | |
shylock | ['rat'] | |
SipStun | [''] | |
smtp_gmail | ['smtp'] | |
smtp_live | ['smtp'] | |
smtp_mail_ru | ['smtp'] | |
smtp_yahoo | ['smtp'] | |
sniffer_winpcap | ['sniffer'] | |
snort_alert | ['network'] | |
solarbot_url | ['solarbot'] | |
spreading_autoruninf | ['spreading'] | |
spyrecorder | ['rat'] | |
staser | ['rat'] | |
stops_service | ['anti-av'] | |
suricata_alert | ['network'] | |
suspicious_powershell | ['packer'] | |
suspicious_process | ['packer'] | |
sweetorange_mutexes | ['exploit'] | |
TAPI_DP_mutex | ['fraud'] | |
targeted_flame | ['targeted'] | |
task_for_pid | ['injection'] | |
tnega_mutexes | ['trojan'] | |
trojan_bublik | ['rat'] | |
trojan_ceatrg | ['trojan'] | |
trojan_dapato | ['trojan'] | |
trojan_emotet | ['trojan'] | |
trojan_jorik | ['trojan'] | |
trojan_jorik | ['trojan'] | |
trojan_kilim | ['trojan'] | |
trojan_lethic | ['trojan'] | |
trojan_lockscreen | ['trojan'] | |
trojan_mrblack | ['trojan'] | |
trojan_pincav | ['trojan'] | |
trojan_redosru | ['trojan'] | |
trojan_sysn | ['trojan'] | |
trojan_vbinject | ['trojan'] | |
trojan_yoddos | ['trojan'] | |
tufik_mutexes | ['virus'] | |
UFR_Stealer | ['rat'] | |
upatre | ['rat'] | |
upatretd_mutexes | ['trojandl'] | |
urlshortcn_checkip | ['urlshort'] | |
urlspy | ['rat'] | |
uroburos_file | ['rat'] | |
uroburos_mutexes | ['rat'] | |
uses_windows_utilities | [''] | |
vertex_url | ['vertex'] | |
vir_napolar | ['vir'] | |
vir_nebuler | ['trojan'] | |
vir_pykse | ['worm'] | |
virut | ['rat'] | |
vnc_mutexes | ['rat'] | |
volatility_devicetree_1 | ['generic'] | |
volatility_handles_1 | ['generic'] | |
volatility_ldrmodules_1 | ['generic'] | |
volatility_ldrmodules_2 | ['generic'] | |
volatility_malfind_2 | ['generic'] | |
volatility_modscan_1 | ['generic'] | |
volatility_svcscan_1 | ['generic'] | |
volatility_svcscan_2 | ['generic'] | |
volatility_svcscan_3 | ['generic'] | |
wakbot | ['rat'] | |
warbot_url | ['warbot'] | |
winsxsbot | ['work'] | |
worm_allaple | ['worm'] | |
worm_kolabc | ['worm'] | |
worm_palevo | ['worm'] | |
worm_phorpiex | ['worm'] | |
worm_psyokym | ['worm'] | |
worm_renocide | ['worm'] | |
worm_rungbu | ['worm'] | |
worm_xworm | ['worm'] |