Subject: Re: [cti-stix] Possible solution to conundrum of how to do patterns for Infrastructure and Malware
On 25.05.2017 08:25:35, Jason Keirstead wrote:
> Sorry I wrote that pattern before I had coffee.. it makes no sense.
>
> This is what the pattern would be with my proposal.... you are
> looking for the hash contained inside a specific object...
>
> [file:hashes."SHA-256" =
> stix-object:malware-12345-aaaaa-bbbbb-ccccc.sample_metadata[*].hashes."SHA-256"]
>

Good thinking, Jason! I think this approach solves many of the
challenges we discussed yesterday around Malware and Infrastructure
vis-a-vis Indicators.

--
Cheers,
Trey
++--------------------------------------------------------------------------++
Kingfisher Operations, sprl
gpg fingerprint: 85F3 5F54 4A2A B4CD 33C4 5B9B B30D DD6E 62C8 6C1D
++--------------------------------------------------------------------------++
--
"Any sufficiently complex input format is indistinguishable from bytecode."
-- Bratus, Patterson, & Shubina