├── README.md ├── analyzer └── darwin │ ├── __init__.py │ ├── analysis.conf │ ├── analyzer.py │ ├── dylib │ ├── cuckoohooks.c │ ├── cuckoohooks.dylib │ ├── cuckoohooks.h │ ├── cuckoohooks.o │ ├── cuckoohooks_32.dylib │ ├── cuckoohooks_64.dylib │ └── makefile │ ├── lib │ ├── __init__.py │ ├── api │ │ ├── __init__.py │ │ ├── apitrace │ │ ├── process.py │ │ └── screenshot.py │ ├── common │ │ ├── __init__.py │ │ ├── abstracts.py │ │ ├── constants.py │ │ ├── exceptions.py │ │ ├── hashing.py │ │ ├── rand.py │ │ └── results.py │ └── core │ │ ├── __init__.py │ │ ├── config.py │ │ ├── packages.py │ │ └── startup.py │ └── modules │ ├── __init__.py │ ├── auxiliary │ ├── __init__.py │ ├── human.py │ └── screenshots.py │ └── packages │ ├── __init__.py │ ├── doc.py │ ├── generic.py │ ├── html.py │ ├── jar.py │ ├── macho.py │ ├── pdf.py │ ├── python.py │ ├── rtf.py │ ├── safari.py │ └── zip.py └── modules └── processing ├── behavior_osx.py ├── filter_syscall.py ├── macho_data.py └── static_macho.py /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/README.md -------------------------------------------------------------------------------- /analyzer/darwin/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /analyzer/darwin/analysis.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/analysis.conf -------------------------------------------------------------------------------- /analyzer/darwin/analyzer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/analyzer.py -------------------------------------------------------------------------------- /analyzer/darwin/dylib/cuckoohooks.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/dylib/cuckoohooks.c -------------------------------------------------------------------------------- /analyzer/darwin/dylib/cuckoohooks.dylib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/dylib/cuckoohooks.dylib -------------------------------------------------------------------------------- /analyzer/darwin/dylib/cuckoohooks.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/dylib/cuckoohooks.h -------------------------------------------------------------------------------- /analyzer/darwin/dylib/cuckoohooks.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/dylib/cuckoohooks.o -------------------------------------------------------------------------------- /analyzer/darwin/dylib/cuckoohooks_32.dylib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/dylib/cuckoohooks_32.dylib -------------------------------------------------------------------------------- /analyzer/darwin/dylib/cuckoohooks_64.dylib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/dylib/cuckoohooks_64.dylib -------------------------------------------------------------------------------- /analyzer/darwin/dylib/makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/dylib/makefile -------------------------------------------------------------------------------- /analyzer/darwin/lib/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /analyzer/darwin/lib/api/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /analyzer/darwin/lib/api/apitrace: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/lib/api/apitrace -------------------------------------------------------------------------------- /analyzer/darwin/lib/api/process.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/lib/api/process.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/api/screenshot.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/lib/api/screenshot.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/common/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /analyzer/darwin/lib/common/abstracts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/lib/common/abstracts.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/common/constants.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/lib/common/constants.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/common/exceptions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/lib/common/exceptions.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/common/hashing.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/lib/common/hashing.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/common/rand.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/lib/common/rand.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/common/results.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/lib/common/results.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/core/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /analyzer/darwin/lib/core/config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/lib/core/config.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/core/packages.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/lib/core/packages.py -------------------------------------------------------------------------------- /analyzer/darwin/lib/core/startup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/lib/core/startup.py -------------------------------------------------------------------------------- /analyzer/darwin/modules/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /analyzer/darwin/modules/auxiliary/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /analyzer/darwin/modules/auxiliary/human.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/modules/auxiliary/human.py -------------------------------------------------------------------------------- /analyzer/darwin/modules/auxiliary/screenshots.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/modules/auxiliary/screenshots.py -------------------------------------------------------------------------------- /analyzer/darwin/modules/packages/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /analyzer/darwin/modules/packages/doc.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/modules/packages/doc.py -------------------------------------------------------------------------------- /analyzer/darwin/modules/packages/generic.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/modules/packages/generic.py -------------------------------------------------------------------------------- /analyzer/darwin/modules/packages/html.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/modules/packages/html.py -------------------------------------------------------------------------------- /analyzer/darwin/modules/packages/jar.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/modules/packages/jar.py -------------------------------------------------------------------------------- /analyzer/darwin/modules/packages/macho.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/modules/packages/macho.py -------------------------------------------------------------------------------- /analyzer/darwin/modules/packages/pdf.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/modules/packages/pdf.py -------------------------------------------------------------------------------- /analyzer/darwin/modules/packages/python.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/modules/packages/python.py -------------------------------------------------------------------------------- /analyzer/darwin/modules/packages/rtf.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/modules/packages/rtf.py -------------------------------------------------------------------------------- /analyzer/darwin/modules/packages/safari.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/modules/packages/safari.py -------------------------------------------------------------------------------- /analyzer/darwin/modules/packages/zip.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/analyzer/darwin/modules/packages/zip.py -------------------------------------------------------------------------------- /modules/processing/behavior_osx.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/modules/processing/behavior_osx.py -------------------------------------------------------------------------------- /modules/processing/filter_syscall.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/modules/processing/filter_syscall.py -------------------------------------------------------------------------------- /modules/processing/macho_data.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/modules/processing/macho_data.py -------------------------------------------------------------------------------- /modules/processing/static_macho.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sandialabs/mac-sandbox/HEAD/modules/processing/static_macho.py --------------------------------------------------------------------------------