Originally created on 2016-11-06
The Fundamentals of Sharing for Malware Analysts
In most organizations malware analysts are tasked with producing a deliverable derived from static or dynamic analysis. The deliverable could be extracted indicators, a description of functionality, a written report or something similar. During this process the analyst creates a number of files and artifacts: IDBs, memory dumps, YARA signatures, decoder scripts, pcaps, notes, etc. Once the task is complete the analyst submits the deliverable and moves on. In many organizations these files and artifacts are not stored in a way that makes them accessible to others, which is a shame. Having the data and analysis accessible to others has many benefits:
- Promotes sharing of processes and knowledge between analysts.
- Removes duplication of labor by allowing analysts to build on previous research and analysis.
- Intellectual property and artifacts are not lost when an analyst leaves the organiz