Author Topic: MRF Features Requests  (Read 5081 times)

0 Members and 1 Guest are viewing this topic.

October 21, 2019, 11:02:18 AM

Radu Stanescu

  • Newbie

  • Offline
  • *

  • 1
  • Reputation:
    0
    • View Profile
MRF Features Requests
« on: October 21, 2019, 11:02:18 AM »
Dear Team,

First of all, thanks for the platform, nice tool.
Using it for a while i was looking forward some new features that everyone I think would benefit from them:
1. PE Strings to be added to the database (allows to have extra correlations easier between malware)
2. PE Strings which include URL to be automatically added as URL to the malware specs
3. Usage of SSDEEP to identify almost same version of the malware instead of duplicating it
4. Hybrid-Analysis API key to be setup as profile level
5. Cron Analytics to be run with each user's API key depending on the user who uploaded the sample

Kind regards,
Radu

Reply #1October 23, 2019, 09:28:04 AM

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 957
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: MRF Features Requests
« Reply #1 on: October 23, 2019, 09:28:04 AM »
Hey Radu, thanks for your message.
1. In fact they are, but that's true they are not in a separate table but nested into a whole JSON data. We need to study the impact on that
2. Well the URLs field was more designed to link studies/analysis links (safe links). Having malware links in this area would be very unsafe for the user.
3. Yes, this is already planned. We would like to design a "similar samples" section
4. Good idea, thanks.
5. We need to evaluate the impact, but yes maybe we could have an option in user settings to override the keys. The general idea behind MRF upload is that ownership is not a strong concept, once the sample is uploaded the user isn't really high profile anymore. The cron is used to run jobs on behalf of the whole team/company, by using company wide credentials that are usually stronger.
The user key setting was designed originally because of the VirusTotal comments, so that when someone is commenting it's not the company key that is used.