OASIS Mailing List Archives

cti-stix message



Subject: Re: [cti-stix] CaRT Format for sending malware in STIX2


First of all, you should never trust Canadians, we're shifty.

Joking aside, I read through this drop the other day, and it looks like it would have promise... (I would actually recommend reading about the whole assemblyline utility package - it is quite an interesting architecture for malware analysis!)

If we used CaRT inside STIX, you may get into a chicken-and-the-egg scenario, since they actually talk about how you can use a STIX malware sample, inside CaRT, as the JSON header.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security

Without data, all you are is just another person with an opinion - Unknown




From:        "Katz, Gary CTR DC3\\DCCI" <Gary.Katz.ctr@dc3.mil>
To:        "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Date:        10/23/2017 12:22 PM
Subject:        [cti-stix] CaRT Format for sending malware in STIX2
Sent by:        <cti-stix@lists.oasis-open.org>





Canada's CSE team released a tool called CaRT (Compressed and RC4 Transport)
specifically for storing and transferring malware and associated metadata.
It looks like a small useful tool and they have some documentation on how to
use CaRT with STIX v2.  Figured it was worth mentioning since we had been
looking at how encryption needed to be handled to support transferring
malware files.

I've only performed a cursory glance at the tool, so I am not endorsing it
or currently using it, just wanted to pass on the knowledge.

https://bitbucket.org/cse-assemblyline/cart


-Gary




