
cti-cybox message



Subject: Re: [cti-cybox] RE: [Non-DoD Source] Re: [cti-cybox] File/Artifact Encryption & Archive Properties


On 12.10.2017 15:46:28, Jason Keirstead wrote:
> I don't see how adding encryption_algorithm and decryption_key to a
> sample helps anyone.
> 
> As has been pointed out many times - this is not enough information
> for a consumer to do anything with whatsoever regarding the sample.
> 

All day, every day malware researchers share samples around in
encrypted zip files. Countless emails fly across the wire along the
lines of, "Hey, have a look at this, let me know what you think. The
password is 'infected'."

That's precisely the use case we're attempting to address with the
proposed changes to the Artifact object. Please help me understand why
it's so complicated to do this in STIX.

If our proposed approach for sharing defanged malware samples is truly
unworkable, as an alternative I suggest adding an optional boolean
property to the Artifact object `is_rot13`. ;-)

-- 
Cheers,
Trey
++--------------------------------------------------------------------------++
Director of Standards Development, New Context
gpg fingerprint: 3918 9D7E 50F5 088F 823F  018A 831A 270A 6C4F C338
++--------------------------------------------------------------------------++
--
"A project is sustainable if it is cheap enough to be the first of a
series continuing indefinitely into the future. A project is
unsustainable if it is so expensive that it cannot be repeated without
major political battles. A sustainable project marks the beginning of
a new era. An unsustainable project marks the end of an old era."
--Freeman Dyson

Attachment: signature.asc
Description: Digital signature


