How to add Volatility Plugin into Cuckoo - JPCERTCC/MalConfScan-with-Cuckoo GitHub Wiki

Add new Volatility plugin into Cuckoo Sandbox

To integrate a Volatility plugin into Cuckoo Sandbox, you need to add and modify some files in Cuckoo Sandbox.

Change basic configurations

Modify the following files to be able to configure the new plugin.

  • $CUCKOO/cuckoo/common/config.py
  • $CUCKOO/cuckoo/compat/config.py
  • $CUCKOO/cuckoo/private/cwd/conf/memory.conf

Add new function to process memory dump

Modify the following file to define the new Volatility plugin function.

  • $CUCKOO/cuckoo/processing/memory.py

Add new web interface to report the result

Modify the following file to show the new plugin's report on the memory analysis page.

  • $CUCKOO/cuckoo/web/templates/analysis/pages/memory/index.html

And add the following file to generate the new plugin report.

  • $CUCKOO/cuckoo/web/templates/analysis/pages/memory/_[set_plugin_name_here].html

For MalConfScan-with-Cuckoo, you can apply malconfscan.patch to your Cuckoo installation with the patch command.
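
Before editing these files by hand or applying a patch, it helps to confirm the tree matches the layout listed above, keep a copy to compare against, and check that the new template name will not overwrite anything. The following is an added example, not part of the MalConfScan-with-Cuckoo project; the function names and the allowed plugin-name characters are assumptions, and the first argument of each function is the directory this page calls $CUCKOO.

```shell
#!/usr/bin/env bash
# Added example (not from the MalConfScan-with-Cuckoo project).
# Paths are the ones this page lists, relative to $CUCKOO.
CUCKOO_TARGETS="cuckoo/common/config.py
cuckoo/compat/config.py
cuckoo/private/cwd/conf/memory.conf
cuckoo/processing/memory.py
cuckoo/web/templates/analysis/pages/memory/index.html"
TEMPLATE_DIR="cuckoo/web/templates/analysis/pages/memory"

# Print each listed file that does not exist; non-zero status if any is missing.
missing_targets() {
    local root="$1" rc=0 f
    for f in $CUCKOO_TARGETS; do
        [ -f "$root/$f" ] || { echo "$f"; rc=1; }
    done
    return $rc
}

# Print the path for the new report template. Status 2: the plugin name has
# characters that could escape the template directory (assumed allowed set:
# a-z, 0-9, underscore). Status 3: the template file already exists.
new_template_path() {
    local root="$1" plugin="$2" path
    case "$plugin" in ''|*[!a-z0-9_]*) return 2 ;; esac
    path="$root/$TEMPLATE_DIR/_$plugin.html"
    [ ! -e "$path" ] || return 3
    echo "$path"
}

# Copy every listed file into a backup directory, keeping relative paths.
backup_targets() {
    local root="$1" dest="$2" f
    for f in $CUCKOO_TARGETS; do
        mkdir -p "$dest/$(dirname "$f")" && cp -p "$root/$f" "$dest/$f" || return 1
    done
}

# After editing or patching, print the listed files that differ from the backup.
changed_targets() {
    local root="$1" dest="$2" f
    for f in $CUCKOO_TARGETS; do
        cmp -s "$root/$f" "$dest/$f" || echo "$f"
    done
    return 0
}
```

Run `missing_targets` and `backup_targets` before making changes, then `changed_targets` afterwards to confirm that only the files you intended to touch were modified.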