
2021/05/03

Cuckoo Sandbox Setup

Ref: https://medium.com/@seifreed/how-to-deploy-cuckoo-sandbox-431a6e65b848

Ref 2: https://utopianknight.com/malware/cuckoo-installation-on-ubuntu-20/

Environment: MacBook Pro 2019

VirtualBox 6.1

Set up Ubuntu 20 LTS

System Update

1) system update: sudo apt update && sudo apt upgrade -y

2) create a cuckoo user: sudo adduser cuckoo

3) add to sudo: sudo adduser cuckoo sudo

Deployment:

4) Add the MongoDB signing key: sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 68818C72E52529D4

Newer key (alternative): curl -fsSL https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -


5) Add repo: echo "deb [arch=amd64] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/development multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list

6) enable repo: sudo nano /etc/apt/sources.list

(screenshot of the edited sources.list: https://miro.medium.com/max/4800/1*u9Y0WNDzqtYJ-pivFUpXYA.png)

7) sudo apt update

8) install the required packages:

sudo apt install git mongodb-org-unstable python python-dev python-pip python-m2crypto libmagic1 swig libvirt-dev upx-ucl libssl-dev wget unzip p7zip-full geoip-database libgeoip-dev libjpeg-dev mono-utils ssdeep libfuzzy-dev exiftool curl openjdk-11-jre-headless xfce4 xfce4-goodies postgresql postgresql-contrib libpq-dev wkhtmltopdf xvfb xfonts-100dpi tcpdump libcap2-bin clamav clamav-daemon clamav-freshclam python-pil suricata libboost-all-dev qemu-kvm libvirt-clients libvirt-daemon virt-manager htop tmux gdebi-core tor privoxy libssl-dev libjansson-dev libmagic-dev automake apparmor-utils -y

9) install the Python dependencies with pip:

sudo -H pip install psycopg2 distorm3 pycrypto openpyxl

sudo -H pip install git+https://github.com/kbandla/pydeep.git

sudo -H pip install git+https://github.com/volatilityfoundation/volatility.git

sudo -H pip install pyopenssl -U

10) add our user to the KVM and libvirt group:

sudo usermod -a -G kvm $USER && sudo usermod -a -G libvirt $USER


11) enable packet capture in the VM (tcpdump without root):

sudo aa-disable /usr/sbin/tcpdump

sudo groupadd pcap

sudo usermod -a -G pcap cuckoo

sudo chgrp pcap /usr/sbin/tcpdump

sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump


12) sudo pip install cuckoo==2.0.6.2
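Added check for steps 10 and 11 above (my own script, not from either referenced guide): it verifies that tcpdump carries the capabilities set in step 11, that aa-disable left its marker symlink under /etc/apparmor.d/disable, and that the cuckoo user is in the kvm, libvirt and pcap groups. The parsing lives in functions that take strings so it can be exercised with constructed input; run_checks calls the real tools on the sandbox host.

```bash
#!/usr/bin/env bash
# Post-install sanity check for the Cuckoo host (added example, not from the guides).
set -u

# 0 if a getcap line grants both cap_net_raw and cap_net_admin as effective caps.
# Accepts both libcap output styles: "... cap_net_admin,cap_net_raw=eip" and
# "... = cap_net_admin,cap_net_raw+eip".
tcpdump_caps_ok() {
    local line="$1"
    case "$line" in *cap_net_admin*) ;; *) return 1 ;; esac
    case "$line" in *cap_net_raw*)   ;; *) return 1 ;; esac
    case "$line" in *=eip*|*+eip*) return 0 ;; *) return 1 ;; esac
}

# 0 if every group named in $2.. appears in the space-separated list $1 (as printed by `id -nG`).
user_in_groups() {
    local groups=" $1 "; shift
    local g
    for g in "$@"; do
        case "$groups" in *" $g "*) ;; *) return 1 ;; esac
    done
    return 0
}

# 0 if aa-disable left its marker symlink for the tcpdump profile in the given directory.
apparmor_tcpdump_disabled() {
    [ -L "$1/usr.sbin.tcpdump" ]
}

# Runs all three checks against the live system; returns 1 if any of them fails.
run_checks() {
    local rc=0 capline
    capline="$(getcap /usr/sbin/tcpdump 2>/dev/null || true)"
    if tcpdump_caps_ok "$capline"; then echo "ok:   tcpdump has cap_net_raw,cap_net_admin"
    else echo "FAIL: tcpdump capabilities missing (step 11 setcap)"; rc=1; fi
    if apparmor_tcpdump_disabled /etc/apparmor.d/disable; then echo "ok:   tcpdump AppArmor profile disabled"
    else echo "FAIL: tcpdump AppArmor profile still enforced (step 11 aa-disable)"; rc=1; fi
    if user_in_groups "$(id -nG cuckoo 2>/dev/null || true)" kvm libvirt pcap; then echo "ok:   cuckoo in kvm, libvirt, pcap"
    else echo "FAIL: cuckoo missing one of kvm/libvirt/pcap (steps 10-11)"; rc=1; fi
    return "$rc"
}

# Invoke as: ./check_cuckoo_host.sh --run
if [ "${1:-}" = "--run" ]; then run_checks; fi
```

Step 10 adds $USER rather than cuckoo to the kvm and libvirt groups; the check assumes you ran it as the cuckoo user, so adjust the group check if you did not.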
