Cuckoo Sandbox Search Syntaxes – gain full control of the search function

The Cuckoo Sandbox project allows you to search your database for specific values.

To search the database, however, you need to use the correct Cuckoo Sandbox search syntax.

We took a peek at the Malwr.com environment and noticed that it allows the following “search” options.

We know that they use the Cuckoo project and that they have developed it, so let's take them as a source.

Cuckoo Sandbox Search Syntax

PREFIX        DESCRIPTION
name:         File name pattern
type:         File type/format
string:       String contained in the binary
ssdeep:       Fuzzy hash
crc32:        CRC32 hash
imphash:      Search for PE Imphash
file:         Opened files matching the pattern
key:          Opened registry keys matching the pattern
mutex:        Opened mutexes matching the pattern
domain:       Contacted the specified domain
ip:           Contacted the specified IP address
url:          Performed HTTP requests matching the URL pattern
signature:    Search for Cuckoo Sandbox signatures
tag:          Search on your personal tags