The project is an extension to Cuckoo Sandbox open source project; it adds support to AWS cloud functionalities and enables running emulations on auto-scaling infrastructure.
• Lunch Linux machine (possible via AWS marketplace)
• Copy the repository
• Setup and activate virtual environment
virtualenv venv
venv/bin/activate
• Install boto3 library
pip install boto3
• Obtain the matching monitoring binaries from the Community repository.
python stuff/monitor.py
• Install cuckoo as DEV mode
python setup.py sdist develop
• Run cuckoo with debug output
cuckoo –d
• The first run should build the configuration files and save them in some location. The location is shown in the output of the run (should contain “.cuckoo” library). It is strongly advised to remember that location for the following steps and for future usages.
• Edit cuckoo.conf
machinery = aws
[resultserver] ip = <the private IP of this machine>
• Edit aws.conf according to the instructions in the file.
• Run
cuckoo
** For malware network analysis, each guest should have the Nest as their default route
• In case that the installation fails or if the following exception appears ” 'module' object has no attribute 'get_installed_distributions' ”, try downgrading pip:
pip install --user --force-reinstall pip==9.0.3
• In case of various issues during the build of the configuration files, try re-generating the configuration. Delete the whole “.cuckoo” folder and run the following:
cuckoo –d