another MAEC example: a honeyclient [thug]


jose nazario
one of the guys who was working with me on the PhoneyC honeyclient has forked it, calling his "thug". here's some example MAEC output he's been working on:


he based it on the wepawet example from the 1.1 distribution. i hope folks find this interesting. i like this more than what i had crafted for phoneyc here:


_____________________________
jose nazario, ph.d. [hidden email]
sr. manager of security research, arbor networks
blog:    http://asert.arbor.net/
twitter: @arbornetworks


RE: another MAEC example: a honeyclient [thug]

Kirillov, Ivan A.

Thanks Jose, quite interesting, and it’s good to see someone using the MAEC code type that we defined. If you have any feedback on this type or any other MAEC elements, please let us know.

 

Regards,
Ivan

Ivan Kirillov
MAEC Working Group
The MITRE Corporation

From: [hidden email] [mailto:[hidden email]] On Behalf Of Jose Nazario
Sent: Tuesday, January 31, 2012 9:11 AM
To: maec-discussion-list Malware Attribute Enumeration Discussion
Subject: another MAEC example: a honeyclient [thug]

 

one of the guys who was working with me on the PhoneyC honeyclient has forked it, calling his "thug". here's some example MAEC output he's been working on:

he based it on the wepawet example from the 1.1 distribution. i hope folks find this interesting. i like this more than what i had crafted for phoneyc here:

_____________________________
jose nazario, ph.d. [hidden email]
sr. manager of security research, arbor networks
blog:    http://asert.arbor.net/
twitter: @arbornetworks