Using IOC (Indicators of Compromise) in Malware Forensics
By Hun-Ya Lock
Currently there is a multitude of information available on malware analysis. Much of it describes the tools and techniques used in the analysis but not the reporting of the results. However, in combating malware, reporting the results is as important as the results themselves. If the results can be reported in a consistent, well-structured manner that is easily understood by both people and machines, then it becomes possible to automate some of the processes in the detection, prevention and reporting of malware infections. This paper studies the benefits of using the OpenIOC framework as a common syntax to describe the results of malware analysis.
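As an added illustration of the machine-readable reporting the abstract argues for (example code, not from the paper), a minimal OpenIOC 1.0 document with constructed placeholder indicators is evaluated against a list of host artifacts; the matcher supports only the `is` and `contains` conditions and assumes the `(search, value)` pair layout for observations.

```python
import xml.etree.ElementTree as ET

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}

# Constructed OpenIOC 1.0 document; the hash and names are placeholders, not a real sample.
SAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-0001"
     last-modified="2013-01-01T00:00:00">
  <short_description>Example dropper (constructed)</short_description>
  <definition>
    <Indicator operator="OR" id="i1">
      <IndicatorItem id="ii1" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">00000000000000000000000000000000</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="i2">
        <IndicatorItem id="ii2" condition="contains">
          <Context document="FileItem" search="FileItem/FileName" type="mir"/>
          <Content type="string">svchosts.exe</Content>
        </IndicatorItem>
        <IndicatorItem id="ii3" condition="contains">
          <Context document="RegistryItem" search="RegistryItem/Path" type="mir"/>
          <Content type="string">CurrentVersion\\Run</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>"""


def item_matches(item, observed):
    """One IndicatorItem against observed (search, value) pairs; 'is' and 'contains' only."""
    search = item.find("ioc:Context", NS).get("search")
    content = item.find("ioc:Content", NS).text.lower()
    cond = item.get("condition")
    return any(key == search and (value.lower() == content if cond == "is" else content in value.lower())
               for key, value in observed)


def indicator_matches(node, observed):
    """Recursively combine child results with the node's AND/OR operator."""
    results = [item_matches(c, observed) if c.tag.endswith("IndicatorItem")
               else indicator_matches(c, observed) for c in node]
    return all(results) if node.get("operator") == "AND" else any(results)


def host_is_compromised(ioc_xml, observed):
    """Return True when the host artifacts satisfy the IOC's top-level Indicator."""
    root = ET.fromstring(ioc_xml)
    return indicator_matches(root.find("ioc:definition/ioc:Indicator", NS), observed)
```

Because the same document drives both the analyst's report and this matcher, the nested AND/OR logic is evaluated exactly as written rather than re-interpreted by hand on each host.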