Announcing Invites for Technical Author and Submission Editorial Board for MALWARE DNA Knowledgebase

February 10, 2010


Any knowledgebase is only as good as the collaborative work that is entered into it by the hardworking and pioneering analysts that currently research new malware tactics, techniques, and procedures.  I will be issuing this invitation to reversers and analysts that I have respected and read about while doing my research.  It is my hope that a small portion of these researchers will accept this role and help guide the open source generation of the worlds largest malware DNA knowledge base.

Here is the list in no particular order: 

  • Phil Wallisch – HBGary
  • Lorenzo Kucaric – Crucial Security
  • Michael Troutman – Crucial Security
  • Nick Harbor – Mandiant
  • Jorge Mieres
  • Tom Liston
  • Giuseppe Bonfa (Evil Cry)
  • Frank Boldewin
  • Alex Lanstein – Fireeye
  • Atif Mushtaq – Fireeye
  • Julia Wolf – Fireeye
  • Dider Stevens
  • Paul Royal
  • Danny Quist – Offensive Computing
  • Marco Cova
  • Ero Carrera
  • Joe Stewart – SecureWorks
  • Anushree Reddy
  • Dancho Danchev
  • Peter Kleissner
  • Ivan Kirillov – MITRE MAEC
  • Dr. Michael VanPutte – DARPA Cyber Genome

This list is not complete, and will be enhanced based on recommendation from other analysts and researchers.  There is also standing invite to all AntiVirus community researchers that do this for a living and have seen these techniques and tricks for years, yet have never had an effective way to communicate these traits in a standardized fashion.  Now here is your chance! 

Post a reply here if your interested in being on the board.

Advertisements

6 Responses to “Announcing Invites for Technical Author and Submission Editorial Board for MALWARE DNA Knowledgebase”

  1. Julia Wolf said

    Actually it’s spelled “Julia Wolf”. Um, so what exactly is this for?

    • diocyde said

      Hi Julia,

      This effort is to create the largest open source Malware DNA knowledge base. Read some of my blog postings for more reference material on the concept. If you like, I would love to speak with you further on this or answer any questions you may have. Do you have time tommorrow. I am a malware analyst and have been pioneering the concept of generating a method for identification of malware traits via characteristic and function enumeration since Sept 2008. It is similar to other efforts, however my vision goes beyond anything being done so far. It will serve as a technical repository for analysts while analyzing a sample, to “select” traits that they observe instead of textual writing about the technique without any common form of reference. I look forward to speaking with you further if you like. I have spoken quite a bit with Alex on this awhile ago. Thanks for noticing!

  2. Hi,
    Sounds interesting…How would you like me to proceed on this..

    Thanks..

    • diocyde said

      Atif, I will be putting in some work in order to flesh out the prototype. This is in the formative stages. I need to flesh out the categories in put in some initial data then when we get a small group of Technical approvers together we can begin the call for submission process. There are three main goals. Identify people who would like to submit their own unique traits they have discovered, technical editorial staff that validate and approve Traits, and people that help to evolve the concept and system as a whole. Lets stay in touch and we can will build this over time. None of this is going to get done over night. Thanks for Noticing!

  3. Julia Wolf said

    > Do you have time tommorrow.

    I’m crazy-busy at the moment. I need to finish something that was supposed to be done last week.

    As with the previously mentioned busyness, I’ve only just barely read through this site. It sounds like “Malware DNA” is something like the malware data mining project I started a few years ago, and haven’t had time to finish. (Wrote some prototype code though.) I basically divided the universe up into two domains. The microsocopic <- data intrinsic to a specific malware sample itself (static and runtime data), and the macroscopic <- where this sample came from, who it talks to, and what other samples does it resemble.

  4. Luis A. Rivera said

    It is very interesting to have come across this effort. I have been researching something quit similar, and by the looks of it so have several other folks. I would like to contribute to the knowledge base. What do we need to do to proceed?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: