Characterizing Malware with MAEC and STIX White Paper


Characterizing Malware with MAEC and STIX White Paper

Kirillov, Ivan A.

All,

 

I wanted to let you know that we’ve just released a brief white paper that describes the use of MAEC and STIX languages in the context of malware characterization and malware metadata exchange. By describing the relationships between the languages and by providing details on each language's ability to capture malware-related information, this document answers the question, "When should I use MAEC, when should I use STIX, and when should I use both?"

 

It can be found here: http://stix.mitre.org/about/documents/Characterizing_Malware_MAEC_and_STIX_v1.0.pdf

 

We welcome any comments and feedback related to this white paper and the general topic of malware characterization of MAEC and STIX.

 

Regards,

Ivan Kirillov

MITRE


Re: Characterizing Malware with MAEC and STIX White Paper

JA
Good job
very nice, well done

2014-04-22 19:10 GMT+04:00 Kirillov, Ivan A. <[hidden email]>:

> All,
>
>
>
> I wanted to let you know that we’ve just released a brief white paper that
> describes the use of MAEC and STIX languages in the context of malware
> characterization and malware metadata exchange. By describing the
> relationships between the languages and by providing details on each
> language's ability to capture malware-related information, this document
> answers the question, "When should I use MAEC, when should I use STIX, and
> when should I use both?"
>
>
>
> It can be found here :
> http://stix.mitre.org/about/documents/Characterizing_Malware_MAEC_and_STIX_v1.0.pdf
>
>
>
> We welcome any comments and feedback related to this white paper and the
> general topic of malware characterization of MAEC and STIX.
>
>
>
> Regards,
>
> Ivan Kirillov
>
> MITRE

RE: Characterizing Malware with MAEC and STIX White Paper

Holly Stewart
Agreed - this paper is very helpful. It might be nice to complement it by mapping a real-world example (not the XML per se, but the actual information that an analyst or SOC operator would see) linking each piece of data to the STIX, MAEC, and/or CybOX standard.

Again, thanks for putting this paper together.

-Holly

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Jerome Athias
Sent: Tuesday, April 22, 2014 10:32 PM
To: Kirillov, Ivan A.
Cc: stix-discussion-list Structured Threat Information Expression/ST; maec-discussion-list Malware Attribute Enumeration Discussion; cybox-discussion-list Cyber Observable Expression/CybOX Discussi
Subject: Re: Characterizing Malware with MAEC and STIX White Paper

Good job
very nice, well done

2014-04-22 19:10 GMT+04:00 Kirillov, Ivan A. <[hidden email]>:

> All,
>
>
>
> I wanted to let you know that we’ve just released a brief white paper
> that describes the use of MAEC and STIX languages in the context of
> malware characterization and malware metadata exchange. By describing
> the relationships between the languages and by providing details on
> each language's ability to capture malware-related information, this
> document answers the question, "When should I use MAEC, when should I
> use STIX, and when should I use both?"
>
>
>
> It can be found here :
> http://stix.mitre.org/about/documents/Characterizing_Malware_MAEC_and_STIX_v1.0.pdf
>
>
>
> We welcome any comments and feedback related to this white paper and
> the general topic of malware characterization of MAEC and STIX.
>
>
>
> Regards,
>
> Ivan Kirillov
>
> MITRE