Hatching logo

Cuckoo Sandbox Support

Basic Advanced Enterprise
Remote hands
Minor feature requests & bug fixes
Malware Investigations
Fully Managed
Hatching Hardening
Starts at $2k/year More info

Hatching Triage

  • Features
  • Pre-processing (static analysis & Yara)
  • Multi-sandbox & multi-environment
  • Including
  • Enterprise Support
  • Feature requests & bug fixes
  • Extra Components
  • Hatching Metal: Bare metal analysis
  • Hatching Training
Starts at $20k/year More info

Hatching SOC

  • Features
  • High-performance malware analysis
  • Real-time Malware SOC
  • Including
  • Enterprise Support
  • Hatching Triage
  • Extra Components
  • Hatching Phishing (abuse@) module
  • Hatching Scale (100k/1M+ per day)
  • Target audience
  • Well-established CERT/SOCs
  • MSSPs
  • Large-scale malware analysis teams
Contact us More info

Cuckoo Support: Basic

Basic Support provides a limited amount of support hours from the Hatching team on all Cuckoo-related topics. Customers may use Basic Support for questions on picking the right hardware, deploying, maintaining, and updating Cuckoo Sandbox. We also provide advice for running specific malware samples (e.g., those that require extra steps or special environments to run) and all Cuckoo questions in general.

Q&A and Cuckoo AdviceFor all usage questions regarding Cuckoo Sandbox

With Cuckoo being a complex project including many different usage patterns and possibilities in terms of analysis environments we find that users often end up with many questions that are not necessarily documented or require too much time to investigate.
This support package ensures your organization that you're getting the advice that's needed within a timely manner, effectively helping you use Cuckoo Sandbox more efficiently.

Cuckoo Support: Advanced

Advanced Support provides a well-featured enterprise-ready technical support package including Remote Hands, priority with minor feature requests & bug fixes, and help with Malware Investigations on top of the Basic Support package.

Remote HandsEverything to make your usage easier!

With the remote hands service we can help customers with installing and maintaining Cuckoo Sandbox, help with usage on all levels (including explaining of basic functionality), quick investigations of issues and/or potential bugs, and more.

Additionally this package includes minor feature requests & bug fixes, such that any identified issues will be resolved shortly.

Malware Investigations

We provide support with analyzing or improving analysis capabilities within Cuckoo Sandbox for specific malware samples or families. This service is especially useful if you need to get that one-off malware to be analyzed thoroughly and quickly.

Cuckoo Support: Enterprise

Enterprise Support provides a fully-featured enterprise-ready malware analysis environment package that reduces the TCO (Total Cost of Ownership) through a fully managed Cuckoo Sandbox environment including our Hatching Hardening component. This package also includes everything from the Basic & Advanced packages.

Fully managedWe take care of installation & maintenance

Through a fully managed Cuckoo setup we make sure everything is and remains up-and-running, functions correctly, and is updated whenever we push out a new release or bug fix.

Hatching HardeningStealthier analysis environments!

Through continuous hardening efforts on our side we ensure that our customers use the most stealthy virtual machines possible. In practice this results in malware being analyzed more correctly and therefore Cuckoo will produce better results.

Hatching Triage

Hatching Triage is our flagship product which leverages our years of knowledge in order to provide the ultimate malware analysis experience.

Hatching Triage performs an initial triage through numerous static analysis components, Yara rules, and unpacking plugins. After the initial triage, samples are analyzed using multiple flavors of Cuckoo Sandbox and internal products, including but not limited to upstream Cuckoo Sandbox, cuckoo-modified, CAPE, a zer0m0n-based environment, Hatching Metal (optional), and in the future Hatching Visor (optional, a malware analysis hypervisor).

Hatching Triage obtains the results from the various sandboxes & environments and combines them into one consolidated report.

Hatching MetalBare Metal analysis capabilities

On top of the virtual analysis environments that Hatching Triage offers by default we also feature advanced Bare Metal analysis capabilities. For Bare Metal analyses we use real laptops and/or desktops to perform the malware analyses, therefore avoiding anti-VM techniques often used by malware.

Hatching TrainingOne or more days on-site training on Cuckoo & Triage

In order to get a new or existing team up-to-speed as fast as possible we provide private trainings. These trainings are tailored to fit the exact use-cases, interests, and allocated time as per the wishes of the client.

Hatching SOC

Hatching SOC provides services for maintaining and monitoring high-performance Triage clusters and real-time investigations & detection improvements for the latest malware samples and Phishing emails. Hatching SOC may be utilized for offloading certain expertises (such as Reverse Engineering) or for offloading the technical aspects of specific teams entirely (e.g., abuse@).

Hatching SOC is the perfect match for large organizations with well established CERT / CSIRT / SOC teams, MSSPs, and vendors that require large-scale malware analysis capabilities or wish to outsource the technical work that comes with malware analysis.

Looking for something else?

Interested, not sure if our packages are what you're looking for, or in need of additional information or pricing?

I'd like to know more