
@staybuzz
Created January 5, 2019 07:28
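List of Cuckoo Sandbox 2.0 signature names and categories. Signatures are taken from https://github.com/cuckoosandbox/community/tree/2.0/modules/signatures as of January 5, 2019. Category strings in this list are not normalized: some differ only in case or spelling (e.g. 'banker', 'banking', 'Banking'; 'anonimity'), some are empty (['']), and a few names appear twice (fakeav_mutexes, trojan_jorik), so normalize and de-duplicate before filtering or grouping on these values.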
name categories
alina_pos_file ['pos']
alina_pos_url ['pos']
allocates_rwx ['unpacking']
android_antivirus_virustotal ['antivirus']
android_dangerous_permissions ['android']
android_dynamic_code ['android']
android_embedded_apk ['android']
android_google_play_diff ['android']
android_native_code ['android']
android_reflection_code ['android']
andromeda ['rat']
antidbg_devices ['anti-debug']
antidbg_windows ['anti-debug']
antiemu_wine ['anti-emulation']
antisandbox_file ['anti-sandbox']
antisandbox_foregroundwindows ['anti-sandbox']
antisandbox_idletime ['anti-sandbox']
antisandbox_mouse_hook ['hooking', 'anti-sandbox']
antisandbox_sleep ['anti-sandbox']
antisandbox_sunbelt ['anti-vm']
antisandbox_unhook ['anti-sandbox']
antivirus_virustotal ['antivirus']
antivm_firmware ['anti-vm']
antivm_generic_bios ['anti-vm']
antivm_generic_disk ['anti-vm']
antivm_generic_ide ['anti-vm']
antivm_generic_scsi ['anti-vm']
antivm_generic_services ['anti-vm']
antivm_sandboxie ['anti-vm']
antivm_vbox_acpi ['anti-vm']
antivm_vbox_devices ['anti-vm']
antivm_vbox_files ['anti-vm']
antivm_vbox_keys ['anti-vm']
antivm_vbox_window ['anti-vm']
antivm_virtualpc ['anti-vm']
antivm_virtualpc_illegal_instruction ['anti-vm']
antivm_vmware_files ['anti-vm']
antivm_vmware_in_instruction ['anti-vm']
antivm_vmware_keys ['anti-vm']
application_aborted_broadcast_receiver ['android']
application_deleted_app ['android']
application_executed_shell_command ['android']
application_installed_app ['android']
application_queried_account_info ['android']
application_queried_installed_apps ['android']
application_queried_phone_number ['android']
application_queried_private_information ['android']
application_recording_audio ['android']
application_registered_receiver_runtime ['android']
application_sent_sms_messages ['android']
application_stopped_processes ['android']
application_uses_location ['android']
application_using_the_camera ['android']
apt_carbunak ['apt']
apt_cloudatlas ['apt']
apt_inception ['apt']
apt_sandworm_ip ['apt']
apt_sandworm_url ['apt']
apt_turlacarbon ['apt']
ardamax_mutexes ['keylogger']
athena_url ['athena']
av_detect_china_key ['avdetect']
backdoor_tdss ['backdoor']
backdoor_vanbot ['backdoor']
backdoor_whimoo ['backdoor']
bad_certificate ['']
bagle ['worm']
bandook ['rat']
banker_bancos ['trojan']
banker_cridex ['Banking', 'Trojan']
banker_prinimalka ['banker']
banker_spyeye_mutexes ['banker']
banker_spyeye_url ['banker']
banker_tinba_mutexes ['rat']
banker_zeus_mutex ['banker']
banker_zeus_p2p ['banker']
banker_zeus_url ['banker']
banking_mutexes ['banking']
banload ['trojan']
begseabugtd_mutexes ['trojandl']
betabot_url ['betabot']
bitcoin_opencl ['bitcoin']
blackenergy_mutexes ['rootkit']
blackpos_url ['blackpos']
bladabindi_mutexes ['rat']
bot_athenahttp ['bot', 'ddos']
bot_dirtjumper ['bot', 'ddos']
bot_drive ['bot', 'ddos']
bot_drive2 ['bot', 'ddos']
bot_madness ['bot', 'ddos']
bot_russkill ['bot', 'ddos']
bot_vnloader_url ['bot']
bozok_key ['rat']
btc ['rat']
bypass_firewall ['bypass']
c24_url ['C24 Stealer']
carberp_mutex ['banker', 'trojan', 'rootkit']
chanitor_mutexes ['ransom']
cloud_dropbox ['cloud']
cloud_google ['cloud']
cloud_mediafire ['cloud']
cloud_mega ['cloud']
cloud_rapidshare ['recon']
cloud_wetransfer ['cloud']
Cloudflare ['Cloudflare']
coinminer_mutexes ['trojan']
creates_doc ['generic']
creates_exe ['generic']
creates_service ['service']
cryptlocker ['rat']
cybergate ['rat']
darkcloud ['rat']
darwin_code_injection ['injection']
ddos_blackrev_mutexes ['ddos']
ddos_darkddos_mutexes ['ddos']
ddos_eclipse_mutexes ['ddos']
ddos_ipkiller_mutexes ['ddos']
ddos556 ['rat']
dead_host ['network']
decay ['rat']
decebal_mutexes ['pos']
detect_putty ['ssh']
dexter ['pos']
disables_security ['anti-av']
dns_freehosting_domain ['freehosting']
dns_tld_by ['tldwatch']
dns_tld_cc ['tldwatch']
dns_tld_onion ['tldwatch']
dns_tld_pw ['tldwatch']
dns_tld_ru ['tldwatch']
dns_tld_su ['tldwatch']
dnsserver_dynamic ['dns']
dofoil ['virus']
downloader_cabby ['downloader']
dumped_buffer ['']
dumped_buffer2 ['']
dyreza ['banking']
encryption_keys ['']
eval_js ['unpacking']
evilbot ['rat']
exec_crash ['execution', 'crash']
exp_3322_dom ['expdom']
expiro ['rat']
exploit_blackhole_url ['exploit']
exploitkit_mutexes ['exploit']
fakeav_mutexes ['rat']
fakeav_mutexes ['rat']
farfli ['rat']
fesber_mutexes ['worm']
fraudtool_fakerean ['fraudtool']
gaelicum ['worm']
ghostbot ['rat']
has_authenticode ['']
has_pdb ['']
has_wmi ['']
hesperbot ['rat']
icepoint ['rat']
im_btb ['im']
im_qq ['im']
infinity ['rat']
infostealer_browser ['infostealer']
infostealer_derusbi_files ['infostealer']
infostealer_ftp ['infostealer']
infostealer_keylogger ['generic']
infostealer_mail ['infostealer']
injection_runpe ['injection']
injection_thread ['injection']
installs_appinit ['persistence']
installs_bho ['browser']
ircbrute ['rat']
isrstealer_url ['isrstealer']
istealer_url ['istealer']
jackpos_file ['pos']
jackpos_url ['jackpos']
jeefo_mutexes ['virus']
jintor_mutexes ['keylogger']
karagany ['rat']
karakum ['rat']
katusha ['rat']
killdisk ['trojan']
koobface ['rat']
krepper_mutexes ['worm']
kuluoz_mutexes ['rat']
locates_browser ['']
locates_sniffer ['']
locker_cmd ['locker']
locker_regedit ['locker']
locker_taskmgr ['locker']
luder ['rat']
madness_url ['madness']
magania_mutexes ['rat']
memdump_urls ['unpacking']
minerbot ['rat']
miningpool ['mining']
mirc_file ['tool']
modifies_files ['']
mutex_winscp ['filetransfer']
nakbot ['rat']
netshadow ['rat']
netwire ['rat']
network_bind ['bind']
network_http ['http']
network_icmp ['icmp']
network_irc ['irc']
network_smtp ['smtp', 'spam']
network_tor ['network', 'anonimity', 'tor']
network_tor_service ['network', 'anonimity', 'tor']
network_tor2web ['network']
networkdyndns_checkip ['dyndns']
nitol ['rat']
njrat ['rat']
obfus_mutexes ['trojan']
oldrea ['rat']
origin_langid ['origin']
packer_entropy ['packer']
packer_polymorphic ['packer']
packer_upx ['packer']
packer_vmprotect ['packer']
pe_features ['packer']
perflogger ['keylogger']
persistence_ads ['persistence', 'ads']
persistence_autorun ['persistence']
pidief ['trojan']
poebot ['rat']
poisonivy ['rat']
ponfoy ['rat']
ponybot_url ['ponybot']
pos_poscardstealer_url ['pos']
puce_mutexes ['worm']
putterpanda_mutexes ['rat']
pwdump_file ['hacktool']
qakbot ['rat']
ragebot ['rat']
raises_exception ['']
ramnit ['rat']
ransomware_bcdedit ['ransomware']
ransomware_files ['ransomware']
rat_adzok ['rat']
rat_beastdoor ['rat']
rat_beebus_mutexes ['rat']
rat_bifrose ['rat']
rat_blackhole ['rat']
rat_blackice ['rat']
rat_blackshades ['rat']
rat_bottilda ['rat']
rat_buzus_mutexes ['rat']
rat_comRAT ['APT', 'RAT']
rat_darkshell ['rat']
rat_delf ['trojan']
rat_dibik ['rat']
rat_fexel_ip ['rat']
rat_flystudio ['rat']
rat_fynloski ['rat']
rat_hikit ['rat']
rat_hupigon ['rat']
rat_jewdo ['rat']
rat_koutodoor ['rat']
rat_likseput ['rat']
rat_lolbot ['backdoor']
rat_madness ['rat']
rat_mybot ['rat']
rat_naid_ip ['rat']
rat_netobserve ['rat']
rat_pasta ['rat']
rat_pcclient ['rat']
rat_plugx ['rat']
rat_rbot ['rat']
rat_sdbot ['backdoor']
rat_shadowbot ['rat']
rat_siggenflystudio ['rat']
rat_spynet ['rat']
rat_swrort ['rat']
rat_teamviewer ['rat']
rat_travnet ['rat']
rat_trogbot ['rat']
rat_turkojan ['rat']
rat_urxbot ['rat']
rat_vertex ['rat']
rat_xtreme ['rat']
rat_zegost ['rat']
rdp_mutexes ['rat']
recon_checkip ['recon']
recon_fingerprint ['recon']
recon_systeminfo ['recon']
renostrojan ['trojan']
rovnix ['banker', 'trojan']
runouce_mutexes ['worm']
sadbot ['rat']
self_delete_bat ['trojan']
senna ['rat']
sharing_rghost ['filesharing']
sharpstealer_url ['sharpstealer']
shiza ['rat']
shutdown_system ['anti-sandbox']
shylock ['rat']
SipStun ['']
smtp_gmail ['smtp']
smtp_live ['smtp']
smtp_mail_ru ['smtp']
smtp_yahoo ['smtp']
sniffer_winpcap ['sniffer']
snort_alert ['network']
solarbot_url ['solarbot']
spreading_autoruninf ['spreading']
spyrecorder ['rat']
staser ['rat']
stops_service ['anti-av']
suricata_alert ['network']
suspicious_powershell ['packer']
suspicious_process ['packer']
sweetorange_mutexes ['exploit']
TAPI_DP_mutex ['fraud']
targeted_flame ['targeted']
task_for_pid ['injection']
tnega_mutexes ['trojan']
trojan_bublik ['rat']
trojan_ceatrg ['trojan']
trojan_dapato ['trojan']
trojan_emotet ['trojan']
trojan_jorik ['trojan']
trojan_jorik ['trojan']
trojan_kilim ['trojan']
trojan_lethic ['trojan']
trojan_lockscreen ['trojan']
trojan_mrblack ['trojan']
trojan_pincav ['trojan']
trojan_redosru ['trojan']
trojan_sysn ['trojan']
trojan_vbinject ['trojan']
trojan_yoddos ['trojan']
tufik_mutexes ['virus']
UFR_Stealer ['rat']
upatre ['rat']
upatretd_mutexes ['trojandl']
urlshortcn_checkip ['urlshort']
urlspy ['rat']
uroburos_file ['rat']
uroburos_mutexes ['rat']
uses_windows_utilities ['']
vertex_url ['vertex']
vir_napolar ['vir']
vir_nebuler ['trojan']
vir_pykse ['worm']
virut ['rat']
vnc_mutexes ['rat']
volatility_devicetree_1 ['generic']
volatility_handles_1 ['generic']
volatility_ldrmodules_1 ['generic']
volatility_ldrmodules_2 ['generic']
volatility_malfind_2 ['generic']
volatility_modscan_1 ['generic']
volatility_svcscan_1 ['generic']
volatility_svcscan_2 ['generic']
volatility_svcscan_3 ['generic']
wakbot ['rat']
warbot_url ['warbot']
winsxsbot ['work']
worm_allaple ['worm']
worm_kolabc ['worm']
worm_palevo ['worm']
worm_phorpiex ['worm']
worm_psyokym ['worm']
worm_renocide ['worm']
worm_rungbu ['worm']
worm_xworm ['worm']