

Subject: Re: [cti-stix] Possible solution to conundrum of how to do patterns for Infrastructure and Malware


On 25.05.2017 08:25:35, Jason Keirstead wrote:
> Sorry I wrote that pattern before I had coffee.. it makes no sense.
> 
> This is what the pattern would be with my proposal.... you are
> looking for the hash contained inside a specific object...
> 
> [file:hashes."SHA-256" =
> stix-object:malware-12345-aaaaa-bbbbb-ccccc.sample_metadata[*].hashes."SHA-256"]
> 

Good thinking, Jason! I think this approach solves many of the
challenges we discussed yesterday around Malware and Infrastructure
vis-a-vis Indicators.

-- 
Cheers,
Trey
++--------------------------------------------------------------------------++
Kingfisher Operations, sprl
gpg fingerprint: 85F3 5F54 4A2A B4CD 33C4  5B9B B30D DD6E 62C8 6C1D
++--------------------------------------------------------------------------++
--
"Any sufficiently complex input format is indistinguishable from
bytecode." -- Bratus, Patterson, & Shubina
