Thursday, October 10, 2024

DC3 Advances Capabilities of Malware Configuration Parser (MWCP) Tool

The Malware Configuration Parser (MWCP) tool, developed by DC3’s Technical Solutions Development (TSD) group, can now produce STIX 2.1 output for easier integration between malware processing pipelines and cyber threat intelligence (CTI) tools.

DC3 MWCP is a framework for parsing out interesting information from malware samples. It was open sourced back in 2015 and has consistently been one of the most downloaded tools DC3 has produced.

While DC3 does not share the internally developed configuration parsers, the MWCP framework makes it easier for malware reverse engineers to integrate their own parsers into their organization’s automated processes.

STIX 2.1 is the latest version of the Structured Threat Information Expression, an OASIS standard for sharing CTI between automated systems. MWCP’s primary output format has always been proprietary JavaScript Object Notation (JSON), but with new developments the option has been added to return STIX content instead. This innovation will allow systems that support STIX to ingest the data directly, without anyone having to write a middle layer to convert MWCP’s output into something their existing tooling can understand.

Older output formats will still be present for those entities that have tightly integrated them into their pipelines. STIX output will allow for easier connectivity with off-the-shelf solutions.

The MWCP tool and other capabilities are available at https://github.com/dod-cyber-crime-center/DC3-MWCP.

Homeland Security Today