IODEF/RFC7203: Taggant System & Clean Metadata eXchange

[ѠOOT]

April 2014, "An Incident Object Description Exchange Format (IODEF) Extension for Structured Cybersecurity Information" ( RFC-7203 )

This document extends the Incident Object Description Exchange Format (IODEF) defined in RFC 5070 to exchange enriched cybersecurity information among security experts at organizations and facilitate their operations. It provides a well-defined pattern to consistently embed structured information, such as identifier- and XML-based information.

Le groupe de travail MWG de l'ICSG à l'IEEE propose également AMSS:

The IEEE Malware Working Group is developing a system - called the IEEE Software Taggant System - that identifies the specific user of a binary packer, in order to help track down the malware authors. The term taggant is adopted from the taggant system used for explosives, in which a chemical marker is added to allow tracing after an explosion. The IEEE Software Taggant System will apply a software marker to the output of packer binaries, to allow us to identify (possibly anonymously) which unique packer license was used to create the packed file.[...] ( IEEE Software Taggant System Requirements Specification v.0.10.pdf )

→ ( PDF ) Taggant System ( Taggant Library )

→ ( PDF ) Clean Metadata eXchange
Providers create the metadata and submit it to CMX
- Use existing IEEE metadata XML format ( ex: Malware MetaData sharing 1.2 )
- Python scripts assist in the extraction and formatting of the metadata ( ex: genMMDEF 0.1 )

Alea jacta est - the system is now fully operational :
☂ IEEE-CMX.AVIRA.COM ☂

Outre la future pompe à fric qui se profile, j'ai noté cette phrase dans mon calepin.
"We are hoping to solve the problem of packed malware in ~2-3 years"

[Malekal_morte]

J'ai pas lu les liens... mais

that identifies the specific user of a binary packer, in order to help track down the malware authors.

Espérons que ça ne sera pas détourné de son but initial ...