Subject: Notes from 13-Dec Malware Minigroup Meeting
All,

I posted the notes from the malware call here:
https://www.oasis-open.org/apps/org/workgroup/cti/document.php?document_id=59667

We discussed malware families vs. instances, classifications, how to represent "observable" data like filenames/hashes, location, targeting, and aliases. The major takeaway is that the malware object should be split into two objects: malware, and malware-instance. Malware would characterize general families; malware instance would characterize specific samples/instances.

As next steps, we’ll put together proposals for changes to the malware SDO and a proposal for a new malware-instance SDO. We’ll meet next week to discuss the new objects and further discuss open questions and topics we haven't gotten to yet. In the meantime, conversation will continue via Slack.

John