RussianPanda95 / Configuration_extractors

Configuration Extractors for Malware

Hello from CCCS! 🍁 #2

Open cccs-rs opened 1 year ago

cccs-rs commented 1 year ago

Hi there,

I was wondering if you're interested in including your extractors in Assemblyline, our open-source malware analysis platform.

I believe adding the work that you've done would be a boon to the cybersecurity community!

If you're interested or have any questions, feel free to reach out! 😀

RussianPanda95 commented 1 year ago

> Hi there,
>
> I was wondering if you're interested in including your extractors in Assemblyline, our open-source malware analysis platform.
>
> I believe adding the work that you've done would be a boon to the cybersecurity community!
>
> If you're interested or have any questions, feel free to reach out! 😀

Hi! Thank you for reaching out :)

It would be great if you could include my configuration extractors in your malware analysis platform. You can also find other configuration extractors in my company's repository https://github.com/esThreatIntelligence/RussianPanda_tools

Please let me know if you have any questions.

Thank you!

cccs-rs commented 1 year ago

Thanks for the response!

As a question: do you, or your company, have an output standard for your extractors? If not, would you consider a shift to something like MACO where you could port your extractors to follow that framework?

We have a library that we run within Assemblyline that can run extractors under known frameworks (MWCP & MACO currently supported, working on malduck and CAPE!) and aggregate their output for tagging/scoring (which is why some kind of deterministic output is required).

This library can be used outside of the Assemblyline context too 😉 so maybe it could be handy for you and your company?
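As an added illustration of the "deterministic output" point above (this is example code written for this page, not code from the Configuration_extractors repository, from Assemblyline, or from the MACO framework, whose real schema is not reproduced here): a minimal extractor that parses a constructed, single-byte-XOR-obfuscated `key=value;` config blob into a fixed schema, serialises it byte-for-byte reproducibly, and a small aggregator that turns several such results into tags. The family name `DemoFamily`, the field names, the sample blob and the encoding are all assumptions made up for the example.

```python
"""Added example (not from the repository, Assemblyline or MACO): a config
extractor whose output is bound to a fixed schema and serialised
deterministically, so a downstream aggregator can tag and score it.
The schema, the family name, the sample blob and the XOR encoding are all
constructed for this example."""
import json
from dataclasses import dataclass, field, asdict
from typing import List, Optional

# Constructed sample: a fake "config" block, single-byte XOR obfuscated.
# It is not derived from any real malware family.
_XOR_KEY = 0x5A
_PLAIN_CONFIG = (b"c2=http://example.invalid/gate;c2=example.invalid:8443;"
                 b"campaign=demo01;mutex=Global\\demo")
SAMPLE_BLOB = bytes(b ^ _XOR_KEY for b in _PLAIN_CONFIG)


@dataclass
class ExtractorOutput:
    """Fixed schema (hypothetical): every extractor emits these fields only."""
    family: str
    version: Optional[str] = None
    campaign_id: Optional[str] = None
    mutex: List[str] = field(default_factory=list)
    http: List[str] = field(default_factory=list)   # full URLs
    tcp: List[str] = field(default_factory=list)    # host:port
    other: dict = field(default_factory=dict)       # anything not modelled

    def to_json(self) -> str:
        # sort_keys plus sorted, de-duplicated lists means identical configs
        # always produce identical bytes, which is what lets a platform
        # de-duplicate, tag and score extractor results reliably.
        d = asdict(self)
        for k in ("mutex", "http", "tcp"):
            d[k] = sorted(set(d[k]))
        return json.dumps(d, sort_keys=True, separators=(",", ":"))


def _decode(blob: bytes) -> str:
    """Undo the constructed single-byte XOR and return the config text."""
    return bytes(b ^ _XOR_KEY for b in blob).decode("ascii", errors="replace")


def extract(blob: bytes) -> ExtractorOutput:
    """Parse the constructed 'key=value;' config into the fixed schema."""
    out = ExtractorOutput(family="DemoFamily")  # hypothetical family name
    for item in _decode(blob).split(";"):
        if "=" not in item:
            continue
        key, value = item.split("=", 1)
        if key == "c2":
            is_url = value.startswith(("http://", "https://"))
            (out.http if is_url else out.tcp).append(value)
        elif key == "campaign":
            out.campaign_id = value
        elif key == "mutex":
            out.mutex.append(value)
        else:
            out.other[key] = value  # keep unknown keys rather than drop them
    return out


def aggregate_tags(outputs: List[ExtractorOutput]) -> dict:
    """What a platform does with schema-bound output: merge it into tags."""
    tags = {"family": set(), "network.uri": set(), "network.host": set()}
    for o in outputs:
        tags["family"].add(o.family)
        tags["network.uri"].update(o.http)
        tags["network.host"].update(h.split(":")[0] for h in o.tcp)
    # sorted lists keep the aggregate deterministic as well
    return {k: sorted(v) for k, v in tags.items()}


if __name__ == "__main__":
    result = extract(SAMPLE_BLOB)
    print(result.to_json())
    print(aggregate_tags([result, extract(SAMPLE_BLOB)]))
```

The design point is that the extractor's parsing logic can be arbitrary, but what leaves it is a fixed set of typed fields in a canonical order, so two runs on the same sample (or two different extractors for the same family) can be compared and merged mechanically.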

cccs-rs commented 12 months ago

??