Excellent reads. Israeli E-Attack on Syria  and   Apparently tied to and Senior programs which embarrassingly enough I was not even aware of.  My god the realm of open source intell…

Completely unrelated to cyber but .   Actualy vis a vis China, it realistically shows us that the Cyber conflicts we are dealing with are outstandingly narrow in scope and focus that the full spectrum of conflict with the big dogs in power politics.  Let’s not forget the bigger picture SuperGeeks….  This type of stuff is the real deal in the RealPolitic World that will be the next 50-100 years…

So the tranference of data into information, and information into knowledge that operational people can use to better defend and respond to malware is critical.  Assuming that the concept of a centralized Malware DNA database can get off the ground, and we dont have 50 different competing versions, the next logical step is crafting an operational Vision to unify the concept and actually make it useful. 

Here is an overview of one such method.

The Crucial “Digital Genome Sequencing Methodology” advances the established highly technical field of malware analysis by revolutionizing the current operational methods for communicating, collaborating, and sharing critical intelligence about malicious code. This new communications model is comprised of the following key components:

  • A Digital Genome Sequence data representation standard collaboratively established through an expert network of malicious code analysts and implemented as a unique binary bitstream for the description of malware along with its hash and fuzzy hash signatures.
  • A knowledge base repository of malware DNA traits comprising characteristics and functions. Characteristics are what the malware looks like, functions represent the potentially hostile effects that can impact operations.
  • An XML Malware DNA Trait data schema to parse the malware bitstream and represent it to applications for operational use. This schema will translate the bitstream into technical intelligence by presenting detailed information about each trait.
  • A distributed Malware Intelligence Fusion Dashboard application implements the XML schema and communicates the analytical information to the operator as an intelligence dossier about the malware sample.
  • A Malware Analyst Workbench component within the dashboard will allow analysts to retrieve a malware sample during analysis and author the digital genome sequence data by selecting DNA traits as they are discovered allowing for constant sample refinement in collaboration with other analysts who can securely discuss the markup process.
  • The Malware Dossier is constructed of DNA traits fused together with previously derived cyber-intelligence related to that sample and delivered as analytical product for total situational awareness.
  • An Operational Impact Score is generated for the cyber-operator based on a weighted scoring algorithm that evaluates the likelihood of code being malicious based on its characteristics, functions, and historical cyber-intelligence compared to its delivery vector and operational targeting of critical assets, organizations, data, or operations.

This “Offense informs Defense” approach allows for commanders to effectively plan for agile cyber-defense and conduct precise cyber-targeting in support of counter-force and counter-intelligence actions.

The collaborative approach to analysis and communication of malware DNA traits is the only realistic and scalable solution to a critical national security problem that threatens to blunt the ability to protect national interests and erosion of the scientific and technological advantage gained through expensive research and development.

Any knowledgebase is only as good as the collaborative work that is entered into it by the hardworking and pioneering analysts that currently research new malware tactics, techniques, and procedures.  I will be issuing this invitation to reversers and analysts that I have respected and read about while doing my research.  It is my hope that a small portion of these researchers will accept this role and help guide the open source generation of the worlds largest malware DNA knowledge base.

Here is the list in no particular order: 

  • Phil Wallisch – HBGary
  • Lorenzo Kucaric – Crucial Security
  • Michael Troutman – Crucial Security
  • Nick Harbor – Mandiant
  • Jorge Mieres
  • Tom Liston
  • Giuseppe Bonfa (Evil Cry)
  • Frank Boldewin
  • Alex Lanstein – Fireeye
  • Atif Mushtaq – Fireeye
  • Julia Wolf – Fireeye
  • Dider Stevens
  • Paul Royal
  • Danny Quist – Offensive Computing
  • Marco Cova
  • Ero Carrera
  • Joe Stewart – SecureWorks
  • Anushree Reddy
  • Dancho Danchev
  • Peter Kleissner
  • Ivan Kirillov – MITRE MAEC
  • Dr. Michael VanPutte – DARPA Cyber Genome

This list is not complete, and will be enhanced based on recommendation from other analysts and researchers.  There is also standing invite to all AntiVirus community researchers that do this for a living and have seen these techniques and tricks for years, yet have never had an effective way to communicate these traits in a standardized fashion.  Now here is your chance! 

Post a reply here if your interested in being on the board.

This is a test of a development prototype for the identification and submission of Malware DNA Traits into a centralized Knowledgebase.  This will be a collaborative industry effort.  The industry has recognized and validated the need for this.  There are several excellent groups that are adopting the concepts of malware DNA.  Here is a sampling.  The fact that pools of research money have been and are still being put into solving this problem, especially under DARPA, demonstrates how challenging a realization of this will be.

  • HBGary – feature in their Responder Pro – Live memory analysis toolset
  • Harris Corp. – - Digital Genome Sequencing Methodology
  • MITRE –
  • IEEE Standards Association – (blog post and )
  • Defense Advanced Research Projects Agency (DARPA) Strategic Projects Office – –

Follow

Get every new post delivered to your Inbox.