Open cccs-rs opened 1 year ago
Hi there,
I was wondering if you're interested in including your extractors in Assemblyline, our open-source malware analysis platform.
I believe adding the work that you've done would be a boon to the cybersecurity community!
If you're interested or have any questions, feel free to reach out! 😀
Hi! Thank you for reaching out :)
It would be great if you could include my configuration extractors in your malware analysis platform. You can also find other configuration extractors in my company's repository https://github.com/esThreatIntelligence/RussianPanda_tools
Please let me know if you have any questions.
Thank you!
Thanks for the response!
As a question: do you, or your company, have an output standard for your extractors? If not, would you consider a shift to something like MACO where you could port your extractors to follow that framework?
We have a library that we run within Assemblyline that can run extractors under known frameworks (MWCP & MACO currently supported, working on malduck and CAPE!) and aggregate their output for tagging/scoring (which is why some kind of deterministic output is required).
This library can be used outside of the Assemblyline context too 😉 so maybe it could be handy for you and your company?
??