[MAEC] Vendors adopting MAEC

[MAEC] Vendors adopting MAEC

Arun Lakhotia
Greetings all! I am new on the list.

I have a web service that provides malware clusters and classification based. The similarity relationship is derived using certain abstraction of malware code.

We are working on producing our results in STIX/CyBox/MAEC compatible form.

I polled a few vendors to check if they could ingest MAEC. None did. And they didn't have it on their plans either.

Could someone connect me to vendors who have implemented MAEC?

Sincerely,

Arun

Dr. Arun Lakhotia
CEO
Cythereal, Inc.
www.cythereal.com
+1 (337) 781-8376
NOTICE: Proprietary Information - Cythereal. Distribution and Use Restricted

Re: [MAEC] [EXT] [MAEC] Vendors adopting MAEC

Arun Lakhotia
Bret:

Thanks for your response.

While STIX 2.1 is being finished (and then adopted), any suggestion on how to encode the result of searching for similar malware?

* TAXII query: find similar to: <hash>
* Result: <original hash, [a list of <hash, similarity_value>]>

The result may be augmented further: the list of hashes may be split into categories based on different criteria for defining 'similar'.

The question is, using STIX 1.X, how do you (a) group hashes, (b) split the groups in various similarity types, and (c) associate a similarity value with each element of a group?

Sincerely,

Arun

Dr. Arun Lakhotia
CEO
Cythereal, Inc.
www.cythereal.com
+1 (337) 781-8376
NOTICE: Proprietary Information - Cythereal. Distribution and Use Restricted

On Sun, May 7, 2017 at 10:16 AM, Bret Jordan <[hidden email]> wrote:

Arun,

While we did some initial work to support the XML version of MAEC two years ago, we will be holding off doing anything more until the new STIX 2.1 Malware object gets finished.

The STIX 2.1 Malware object may not have all of the features of MAEC; however, it should hopefully have the majority, maybe as much as the top 90% of MAEC functionality.

Bret


From: Arun Lakhotia <[hidden email]>
Sent: Friday, May 5, 2017 10:22:24 PM
To: [hidden email]
Subject: [EXT] [MAEC] Vendors adopting MAEC
 
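The encoding Arun asks for, worked through as an added example that is not from the thread, from Cythereal or from MITRE: it targets STIX 2.1 JSON (the version Bret points to) rather than STIX 1.x, and assumes SHA-256 hashes, a custom `similar-to` relationship type and custom `x_similarity_criterion` / `x_similarity_value` properties, none of which are defined on this page or in the STIX vocabulary. The sample result below is constructed.

```python
import json
import uuid
from datetime import datetime, timezone

# Constructed sample output of a "find similar to <hash>" query, in the shape
# the post describes: <original hash, [<hash, similarity_value>]>, with the
# list already split by the criterion used to define "similar".
QUERY_HASH = "a" * 64
SIMILAR = {
    "code-structure": [("b" * 64, 0.93), ("c" * 64, 0.81)],
    "imports": [("b" * 64, 0.70)],
}

def _file_sco(sha256):
    """STIX 2.1 File observable carrying only the SHA-256 hash."""
    return {"type": "file", "spec_version": "2.1",
            "id": f"file--{uuid.uuid4()}", "hashes": {"SHA-256": sha256}}

def encode(query_hash, similar):
    """Build a STIX 2.1 Bundle: one File SCO per distinct hash and one
    Relationship per (hash, score) pair, source = query file, target = match.
    Criterion and score ride in custom x_ properties (assumed names), which
    answers (a) grouping, (b) splitting by similarity type, (c) per-element value."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    files = {query_hash: _file_sco(query_hash)}
    rels = []
    for criterion, matches in similar.items():
        for sha256, score in matches:
            files.setdefault(sha256, _file_sco(sha256))
            rels.append({"type": "relationship", "spec_version": "2.1",
                         "id": f"relationship--{uuid.uuid4()}",
                         "created": now, "modified": now,
                         "relationship_type": "similar-to",  # assumed custom type
                         "source_ref": files[query_hash]["id"],
                         "target_ref": files[sha256]["id"],
                         "x_similarity_criterion": criterion,
                         "x_similarity_value": round(float(score), 4)})
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": list(files.values()) + rels}

def decode(bundle, query_hash):
    """Inverse for a consumer: recover {criterion: [(hash, score), ...]} for
    the relationships whose source is the queried file."""
    by_id = {o["id"]: o for o in bundle["objects"] if o["type"] == "file"}
    qid = next(i for i, f in by_id.items() if f["hashes"]["SHA-256"] == query_hash)
    grouped = {}
    for o in bundle["objects"]:
        if (o["type"] == "relationship" and o["relationship_type"] == "similar-to"
                and o["source_ref"] == qid):
            sha = by_id[o["target_ref"]]["hashes"]["SHA-256"]
            grouped.setdefault(o["x_similarity_criterion"], []).append(
                (sha, o["x_similarity_value"]))
    return grouped

if __name__ == "__main__":
    print(json.dumps(encode(QUERY_HASH, SIMILAR), indent=2))
```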


Re: [MAEC] Vendors adopting MAEC

Kirillov, Ivan A.
In reply to this post by Arun Lakhotia

Hi Arun,

Welcome to the list! Here’s an incomplete list of vendors that have implemented MAEC in some way (mostly with regards to creating MAEC content):

Sandboxes
  * Joe Sandbox (Joe Security)
  * VXStream Sandbox (Payload Security)
  * Cuckoo Sandbox

Virtualization/Sandboxing
  * Bromium LAVA (Bromium)

Static Analysis
  * Titanium Core (Reversing Labs)

TIP
  * Autofocus (Palo Alto)

If there are any vendors on the list whose products I missed, please let us know.

Regards,

Ivan Kirillov

MITRE


From: Arun Lakhotia <[hidden email]>
Reply-To: Arun Lakhotia <[hidden email]>
Date: Friday, May 5, 2017 at 10:22 PM
To: maec-discussion-list Malware Attribute Enumeration Discussion <[hidden email]>
Subject: [MAEC] Vendors adopting MAEC

 

