iocaware / iocgen Goto Github PK

I have used python script file "iocaware_openioc.py" to automatically generate IOCs of malware samples submitted to cuckoo. Its working fine but when I opened those IOC files in Madiant IOC editor, it gave error of 'unkown format' or 'invalid formta' and did not open IOC files.
Can anyone help me that am I missing something? Any type of help will be highly appreciated.

ERROR: Failed to run the reporting module "IOCAware_STIX":
Traceback (most recent call last):
File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 507, in process
current.run(self.results)
File "/opt/cuckoo/modules/reporting/iocaware_stix.py", line 62, in run
doCuckoo(results)
File "/opt/cuckoo/modules/reporting/iocaware_stix.py", line 355, in doCuckoo
staticitems = results['static']
KeyError: 'static'

Does the stix.py script require modification or other?

Once the Cuckoo analysis finishes, i receive:

2015-01-30 09:59:10,096 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "IOCAware_STIX":
Traceback (most recent call last):
File "/home/rm/cuckoo/lib/cuckoo/core/plugins.py", line 499, in process
current.run(self.results)
File "/home/rm/Desktop/cuckoo/modules/reporting/ziocaware_stix.py", line 62, in run
doCuckoo(results)
File "/home/rm/Desktop/cuckoo/modules/reporting/ziocaware_stix.py", line 448, in doCuckoo
metadata = {'malfilename':malfilename, 'malmd5':malmd5, 'malsha1':malsha1, 'malsha256':malsha256, 'malsha512':malsha512,
UnboundLocalError: local variable 'malmd5' referenced before assignment
2015-01-30 09:59:10,097 [lib.cuckoo.core.scheduler] INFO: Task #3: reports generation completed (path=/home/rm/Desktop/cuckoo/storage/analyses/3)
2015-01-30 09:59:10,271 [lib.cuckoo.core.scheduler] INFO: Task #3: analysis procedure completed

I have not been able to figure out what is causing the error

i have a bunch of samples i've been running through a local cuckoo instance which call out to particular domains. right now the domains don't resolve and it appears the stix module (also tested openioc) doesn't appear to process these

was this by design, or is it a bug? :)

[lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "IOCAware_OpenIOC":
Traceback (most recent call last):
File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 507, in process
current.run(self.results)
File "/opt/cuckoo/modules/reporting/iocaware_openioc.py", line 20, in run
doCuckoo(results)
File "/opt/cuckoo/modules/reporting/iocaware_openioc.py", line 258, in doCuckoo
fileitems = results['target']['file']
KeyError: 'file'

Does the openioc.py script require modification or other?

Traceback (most recent call last):
File "/home/cuckoo/cuckoo/lib/cuckoo/core/plugins.py", line 533, in process
current.run(self.results)
File "/home/cuckoo/cuckoo/modules/reporting/iocaware_openioc.py", line 21, in run
doCuckoo(results, self.options, self.reports_path)
File "/home/cuckoo/cuckoo/modules/reporting/iocaware_openioc.py", line 256, in doCuckoo
staticitems = results['static']
KeyError: 'static'

The version of cuckoo that I used is cuckoo-current.Can anyone tell me how to modify this issue?I would like to thank you very much!

I'm seeing the following error when Cuckoo attempts to write out the STIX indicator file.

2014-10-01 00:12:48,302 [lib.cuckoo.core.plugins] WARNING: The reporting module "IOCAware_STIX" returned the following error: Failed to generate IOCAware_STIX results: to_obj() got an unexpected keyword argument 'ns_info'