Handshake Group Updates


Handshake Group Updates

Kirillov, Ivan A.

Hello Everyone,

 

I just wanted to give you a heads up on the latest goings on in the MAEC Handshake group:

 

- We posted translator tools for converting Anubis and ThreatExpert XML output into MAEC XML. We also have translators for CWSandbox to MAEC, as well as MAEC to OVAL, available for download in the group.

- We began discussing how to structure PE binary attributes for inclusion in the MAEC schema.

 

I’ll be updating this thread regularly to give you a better perspective on the activity in the group.

 

Again, if you wish to join the Handshake and the MAEC group, just let me know, and I’ll send you an invite.

 

Regards,

Ivan

 

Ivan Kirillov

MAEC Working Group
The MITRE Corporation

 

 


RE: Handshake Group Updates

Kirillov, Ivan A.

Hello Everyone,

 

Here is a small update with regards to the activities on the MAEC Handshake group in the past month:

 

- We’ve posted a beta version of the PE binary attributes schema, as well as version 1.1 of the MAEC schema which incorporates this schema (along with other additions/fixes).

- We’ve created a subgroup for Malware ontology development. If you’re a member of the general MAEC development group, you can request to join this subgroup.

 

Also, the MAEC issue tracker is now up on the website: http://maec.mitre.org/language/tracker.html

 

We’ll be updating the tracker regularly with the latest MAEC development issues and plans. If you find any issues with the MAEC schema or wish to request some new features, please let us know and we’ll see that they get discussed and added to the tracker.

 

Regards,

Ivan

 

Ivan Kirillov

MAEC Working Group
The MITRE Corporation

From: [hidden email] [mailto:[hidden email]] On Behalf Of Kirillov, Ivan A.
Sent: Friday, November 19, 2010 1:22 PM
To: maec-discussion-list Malware Attribute Enumeration Discussion
Subject: Handshake Group Updates

 

Hello Everyone,

 

I just wanted to give you a heads up on the latest goings on in the MAEC Handshake group:

 

- We posted translator tools for converting Anubis and ThreatExpert XML output into MAEC XML. We also have translators for CWSandbox to MAEC, as well as MAEC to OVAL, available for download in the group.

- We began discussing how to structure PE binary attributes for inclusion in the MAEC schema.

 

I’ll be updating this thread regularly to give you a better perspective on the activity in the group.

 

Again, if you wish to join the Handshake and the MAEC group, just let me know, and I’ll send you an invite.

 

Regards,

Ivan

 

Ivan Kirillov

MAEC Working Group
The MITRE Corporation

 

 


RE: Handshake Group Updates

Chase, Melissa P.

Hi Everyone,

 

Here’s an update on Handshake activities this month:

 

- We’ve had some discussion on generating SCAP content from MAEC descriptions, which can be used to check for the presence of malware on systems, perhaps before AV signatures have been created.

- We’ve had some discussion on the Anti Malware Testing Standards Organization (AMTSO) and potential engagement with them on MAEC development and use in their testing processes.

 

For more about the MAEC Development Handshake group, see http://maec.mitre.org/community

 

Penny

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Kirillov, Ivan A.
Sent: Thursday, December 16, 2010 9:50 AM
To: maec-discussion-list Malware Attribute Enumeration Discussion
Subject: RE: Handshake Group Updates

 

Hello Everyone,

 

Here is a small update with regards to the activities on the MAEC Handshake group in the past month:

 

- We’ve posted a beta version of the PE binary attributes schema, as well as version 1.1 of the MAEC schema which incorporates this schema (along with other additions/fixes).

- We’ve created a subgroup for Malware ontology development. If you’re a member of the general MAEC development group, you can request to join this subgroup.

 

Also, the MAEC issue tracker is now up on the website: http://maec.mitre.org/language/tracker.html

 

We’ll be updating the tracker regularly with the latest MAEC development issues and plans. If you find any issues with the MAEC schema or wish to request some new features, please let us know and we’ll see that they get discussed and added to the tracker.

 

Regards,

Ivan

 

Ivan Kirillov

MAEC Working Group
The MITRE Corporation


 

 


RE: Handshake Group Updates

Kirillov, Ivan A.

Hello Everyone,

 

Here are the Handshake group updates for March:

 

- We posted a beta version of the MAEC layer 7 attributes schema for comment, to which we’ve recently added attributes for IM and TLS.

- We posted a beta MAEC -> HTML transform (XSLT 2.0) for generating more human-readable MAEC output.

 

This month on the discussion list and Handshake we hope to discuss the latest developments in the MAEC schema and the related Cyber Observables (CybOX) schema that we’ve been developing between MAEC, CAPEC and CEE.

 

For more about the MAEC Development Handshake group, see http://maec.mitre.org/community

 

Regards,

Ivan

 

Ivan Kirillov

MAEC Working Group
The MITRE Corporation

From: [hidden email] [mailto:[hidden email]] On Behalf Of Chase, Melissa P.
Sent: Friday, February 25, 2011 12:48 PM
To: maec-discussion-list Malware Attribute Enumeration Discussion
Subject: RE: Handshake Group Updates

 

Hi Everyone,

 

Here’s an update on Handshake activities this month:

 

- We’ve had some discussion on generating SCAP content from MAEC descriptions, which can be used to check for the presence of malware on systems, perhaps before AV signatures have been created.

- We’ve had some discussion on the Anti Malware Testing Standards Organization (AMTSO) and potential engagement with them on MAEC development and use in their testing processes.

 

For more about the MAEC Development Handshake group, see http://maec.mitre.org/community

 

Penny

 
