cti-stix message
Subject: Re: [cti-stix] CaRT Format for sending malware in STIX2
- From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
- To: "Katz, Gary CTR DC3\\DCCI" <Gary.Katz.ctr@dc3.mil>
- Date: Mon, 23 Oct 2017 13:16:05 -0300
First of all, you should never trust Canadians, we're shifty.

Joking aside, I read through this drop the other day, and it looks like it would have promise... (I would actually recommend reading about the whole assemblyline utility package - it is quite an interesting architecture for malware analysis!)

If we used CaRT inside STIX, you may get into a chicken-and-the-egg scenario, since they actually talk about how you can use a STIX malware sample, inside CaRT, as the JSON header.
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security
Without data, all you are is just another person with an opinion - Unknown
From: "Katz, Gary CTR DC3\\DCCI" <Gary.Katz.ctr@dc3.mil>
To: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Date: 10/23/2017 12:22 PM
Subject: [cti-stix] CaRT Format for sending malware in STIX2
Sent by: <cti-stix@lists.oasis-open.org>
Canada's CSE team released a tool called CaRT (Compressed and RC4 Transport) specifically for storing and transferring malware and associated metadata. It looks like a small useful tool and they have some documentation on how to use CaRT with STIX v2. Figured it was worth mentioning since we had been looking at how encryption needed to be handled to support transferring malware files.

I've only performed a cursory glance at the tool, so I am not endorsing it or currently using it, just wanted to pass on the knowledge.
https://bitbucket.org/cse-assemblyline/cart
-Gary