[MAEC] February 22nd Working Call Agenda

Kirillov, Ivan A.

All,

For tomorrow’s working call, I’d like to finish up discussions around a few remaining types associated with the Malware Instance Object:

* StaticFeaturesType: https://docs.google.com/document/d/1cnjjZAPHITFjo_8xGVBo1mX9Qvo7pN-YJ4pRZwdsuL0/edit#heading=h.8sy5r1u1gubn
* AnalysisMetadataType: https://docs.google.com/document/d/1cnjjZAPHITFjo_8xGVBo1mX9Qvo7pN-YJ4pRZwdsuL0/edit#heading=h.fefbalm476rp

Also, we’d like to discuss the idea of capturing metadata about signatures that may have been triggered during the analysis of a Malware Instance, e.g.,

{
  "signature_type":"YARA",
  "description":"Ransomware",
  "author":"John Doe",
  "reference":"http://foo.bar",
  "severity":"9.0"
}

{
  "signature_type":"Cuckoo",
  "description":"Anti-sandbox sleep",
  "author":"Jane Doe",
  "reference":"http://foo.bar",
  "severity":"5.0"
}

Regards,

Ivan