GitHub Repository Updates - August

GitHub Repository Updates - August

Kirillov, Ivan A.

All,

Just wanted to send out a quick update on the MAEC Tools GitHub repository front.

I just added the initial version of the GFI Sandbox to MAEC script, compatible with MAEC v2.1. You can find it here:

https://github.com/MAECProject/Tools/tree/master/Scripts/gfi_sandbox_to_maec

Also, I’ve recently updated the comparator script for compatibility with MAEC v2.1. This nifty little script will go through a set of MAEC XML documents and determine the objects that are unique to each document, but also those that are common across some set of documents. Thus it’s a pretty easy way of finding the object-level intersections between the outputs of multiple dynamic analysis tools for the same sample. It can be found here:

https://github.com/MAECProject/Tools/tree/master/Scripts/comparator/0.2%20(MAEC%202.1)

More to come later this month!

Regards,

Ivan

Ivan Kirillov
MAEC Project
The MITRE Corporation
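The object-level comparison the message describes, as an added example (not the MAEC Project's comparator script): several reports for the same sample are read, each object is reduced to a normalized (type, value) key, and the objects are grouped by the exact set of reports that contain them, which yields both the per-report unique objects and the intersections. The `<object type= value=>` XML used here is a constructed, simplified stand-in and not the MAEC/CybOX schema; the report contents are constructed sample data.

```python
# Added example: object-level comparison across several MAEC-style reports.
# Illustrative code only, not the MAEC Project's comparator script.  The XML
# below is a constructed, deliberately simplified stand-in for MAEC v2.1
# output: the <object type= value=> element is an assumption for this example,
# not the MAEC/CybOX schema.
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample reports: what three dynamic analysis tools reported for
# the same sample.  Note the case differences in sandbox_b.xml.
DOCS = {
    "sandbox_a.xml": """<report>
  <object type="File" value="C:\\Windows\\Temp\\dropper.exe"/>
  <object type="RegistryKey" value="HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"/>
  <object type="Mutex" value="Global\\abc123"/>
</report>""",
    "sandbox_b.xml": """<report>
  <object type="File" value="c:\\windows\\temp\\DROPPER.EXE"/>
  <object type="RegistryKey" value="HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"/>
  <object type="File" value="C:\\Users\\Public\\log.dat"/>
</report>""",
    "sandbox_c.xml": """<report>
  <object type="File" value="C:\\Windows\\Temp\\dropper.exe"/>
  <object type="Mutex" value="Global\\abc123"/>
  <object type="Address" value="198.51.100.7"/>
</report>""",
}

# Windows file paths and registry keys are case-insensitive; without folding
# them, sandbox_b.xml would appear to disagree with the other two reports.
CASE_INSENSITIVE = {"File", "RegistryKey"}


def normalize(obj_type, value):
    """Canonical (type, value) key used to decide whether two objects match."""
    value = value.strip()
    if obj_type in CASE_INSENSITIVE:
        value = value.lower()
    return (obj_type, value)


def extract_objects(xml_text):
    """Set of normalized object keys found in one report."""
    root = ET.fromstring(xml_text)
    return {normalize(el.get("type"), el.get("value")) for el in root.iter("object")}


def compare(docs):
    """Group objects by the exact set of reports that contain them.

    Returns {frozenset(report names): set(object keys)}.  A group keyed by a
    single name holds that report's unique objects; a group keyed by all names
    holds the objects every tool agreed on.
    """
    seen_in = defaultdict(set)
    for name, text in docs.items():
        for obj in extract_objects(text):
            seen_in[obj].add(name)
    groups = defaultdict(set)
    for obj, names in seen_in.items():
        groups[frozenset(names)].add(obj)
    return dict(groups)


def unique_objects(groups):
    """{report name: objects seen only in that report}."""
    return {next(iter(names)): objs for names, objs in groups.items() if len(names) == 1}


def common_to_all(groups, docs):
    """Objects reported by every document (the full intersection)."""
    return groups.get(frozenset(docs), set())


if __name__ == "__main__":
    groups = compare(DOCS)
    print("common to all:", sorted(common_to_all(groups, DOCS)))
    for names, objs in sorted(groups.items(), key=lambda kv: (-len(kv[0]), sorted(kv[0]))):
        print(sorted(names), "->", sorted(objs))
```

The grouping by `frozenset` of report names is what makes the "common across some set of documents" question cheap: every non-empty subset that actually shares objects appears as its own key, so the dropper path reported by all three tools, the Run key shared by two of them, and the objects only one tool saw all fall out of a single pass. Normalization is the part that most often decides whether two tools "agree", so it deserves per-type rules rather than a blanket lowercase.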


RE: GitHub Repository Updates - August

Kirillov, Ivan A.

As a further update, I just pushed the MAEC v2.1 version of the MAEC -> OVAL translator:

https://github.com/MAECProject/Tools/tree/master/Scripts/maec_to_oval/0.92%20(MAEC%202.1)

Right now this only supports MAEC Actions that create/modify files and registry keys, but we’ll be updating it in the near future to support additional Actions and object types. For more information please see the README.

We welcome any input with regards to this and any other MAEC tool.

Regards,

Ivan

Ivan Kirillov
MAEC Project
The MITRE Corporation
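The kind of translation the message announces, as an added example (not the MAEC Project's maec_to_oval script): file and registry-key Actions observed in dynamic analysis become OVAL tests so a host can be checked for the same artifacts, while any other Action type is reported back as unsupported, mirroring the stated scope. The action dicts are a constructed stand-in for MAEC v2.1 Actions; the output is modelled on the OVAL 5 Windows schema (file_test/file_object, registry_test/registry_object) but is not validated against it here, and the required generator block is omitted.

```python
# Added example: turning file / registry-key Actions from a MAEC-style report
# into an OVAL definition that can check a host for the same artifacts.
# Illustrative code only, not the MAEC Project's maec_to_oval script.  The
# action dicts are a constructed stand-in for MAEC v2.1 Actions, and the output
# is modelled on the OVAL 5 Windows schema but is not validated against it
# (the required <generator> block is omitted for brevity).
import xml.etree.ElementTree as ET

OVAL = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
WIN = "http://oval.mitre.org/XMLSchema/oval-definitions-5#windows"
ET.register_namespace("oval-def", OVAL)
ET.register_namespace("win-def", WIN)

# Only these Action names are translated, mirroring the announced scope
# (create/modify of files and registry keys); anything else is reported back.
SUPPORTED = {"create file", "modify file", "create registry key", "modify registry key"}

# Constructed sample Actions (not real MAEC content).
ACTIONS = [
    {"name": "create file",
     "object": {"type": "File", "path": "C:\\Windows\\Temp", "filename": "dropper.exe"}},
    {"name": "modify registry key",
     "object": {"type": "RegistryKey", "hive": "HKEY_LOCAL_MACHINE",
                "key": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "name": "svc"}},
    {"name": "create mutex", "object": {"type": "Mutex", "name": "Global\\abc123"}},
]


def q(ns, tag):
    """Clark-notation tag for ElementTree."""
    return f"{{{ns}}}{tag}"


def translate(actions, ns_name="example"):
    """Return (OVAL XML text, list of skipped action names)."""
    root = ET.Element(q(OVAL, "oval_definitions"))
    definitions = ET.SubElement(root, q(OVAL, "definitions"))
    tests = ET.SubElement(root, q(OVAL, "tests"))
    objects = ET.SubElement(root, q(OVAL, "objects"))

    definition = ET.SubElement(definitions, q(OVAL, "definition"),
                               {"id": f"oval:{ns_name}:def:1", "version": "1",
                                "class": "miscellaneous"})
    metadata = ET.SubElement(definition, q(OVAL, "metadata"))
    ET.SubElement(metadata, q(OVAL, "title")).text = "Artifacts observed in dynamic analysis"
    ET.SubElement(metadata, q(OVAL, "description")).text = (
        "True if any file or registry artifact from the analysis is present on the host.")
    # OR: a host matches if any single artifact is present.
    criteria = ET.SubElement(definition, q(OVAL, "criteria"), {"operator": "OR"})

    skipped = []
    for n, action in enumerate(actions, start=1):
        if action["name"] not in SUPPORTED:
            skipped.append(action["name"])
            continue
        obj = action["object"]
        tst_id, obj_id = f"oval:{ns_name}:tst:{n}", f"oval:{ns_name}:obj:{n}"
        if obj["type"] == "File":
            comment = f"{action['name']}: {obj['path']}\\{obj['filename']}"
            test = ET.SubElement(tests, q(WIN, "file_test"),
                                 {"id": tst_id, "version": "1", "check": "at least one", "comment": comment})
            target = ET.SubElement(objects, q(WIN, "file_object"), {"id": obj_id, "version": "1"})
            ET.SubElement(target, q(WIN, "path")).text = obj["path"]
            ET.SubElement(target, q(WIN, "filename")).text = obj["filename"]
        else:  # RegistryKey
            comment = f"{action['name']}: {obj['hive']}\\{obj['key']}\\{obj['name']}"
            test = ET.SubElement(tests, q(WIN, "registry_test"),
                                 {"id": tst_id, "version": "1", "check": "at least one", "comment": comment})
            target = ET.SubElement(objects, q(WIN, "registry_object"), {"id": obj_id, "version": "1"})
            ET.SubElement(target, q(WIN, "hive")).text = obj["hive"]
            ET.SubElement(target, q(WIN, "key")).text = obj["key"]
            ET.SubElement(target, q(WIN, "name")).text = obj["name"]
        ET.SubElement(test, q(WIN, "object"), {"object_ref": obj_id})
        ET.SubElement(criteria, q(OVAL, "criterion"), {"test_ref": tst_id, "comment": comment})
    return ET.tostring(root, encoding="unicode"), skipped


def summarize(xml_text):
    """Counts of generated tests and criteria, for a quick sanity check."""
    root = ET.fromstring(xml_text)
    return {tag: len(list(root.iter(q(ns, tag))))
            for ns, tag in ((WIN, "file_test"), (WIN, "registry_test"), (OVAL, "criterion"))}


if __name__ == "__main__":
    xml_text, skipped = translate(ACTIONS)
    print(xml_text)
    print("not translated:", skipped)
```

Reporting the skipped Actions rather than silently dropping them matters in practice: a definition that checks only the artifacts a translator happened to understand says nothing about the ones it ignored, so the list of untranslated Actions is part of the result, not a log line.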

From: [hidden email] [mailto:[hidden email]] On Behalf Of Kirillov, Ivan A.
Sent: Friday, August 10, 2012 3:34 PM
To: maec-discussion-list Malware Attribute Enumeration Discussion
Subject: GitHub Repository Updates - August
