embee-research / StealC-Yara-Config-Extractor

Configuration Extractor And Yara Rule For StealC

Hello from CCCS! 🍁 #1

Open cccs-rs opened 11 months ago

cccs-rs commented 11 months ago

Hi there,

I was wondering if you're interested in including your extractors in Assemblyline, our open-source malware analysis platform.

I believe adding the work that you've done would be a boon to the cybersecurity community!

If you're interested or have any questions, feel free to reach out! 😀

embee-research commented 7 months ago

Hi! Yes, you're welcome to include any extractors in the Assemblyline tool. As long as a credit/link/reference is able to be included, you're welcome to use anything from my GitHub :)

cccs-rs commented 7 months ago

Excellent! I was wondering if you're interested in modifying the extractor to conform to one of the existing extractor frameworks (i.e. MWCP or MaCo)? In an automated tool like Assemblyline, having output conform to a standard makes it easier for the tool to excel at flagging IOCs that the extractor finds (i.e. knowing the difference between a C2 and a decoy). So if new extractors did conform to one standard or another, I would be very interested in knowing 😁

I've created a PR of what a port of the extractor to MaCo would look like. The port allows you to run the extractor directly (as you were able to do before), using the MaCo CLI, and using configextractor-py (what I would like to call a "one-stop-shop" for running extractors, which currently supports running MaCo and MWCP extractors, with pending support for malduck and CAPE).

Since you have other repositories containing extractors, I would be happy to port those over to the MaCo framework so I can include them in Assemblyline's ConfigExtractor service; the service's repository is where I would add the mention of the work you've done to contribute to the open source project! 😀