MalwareEntityTypeMAEC Bundle Schema

The MalwareEntityType provides a Capability for characterizing the particular entity that an indicator or signature is written against, whether it is a particular malware instance, family, etc.


Field Name Type Description
Type0..1 ControlledVocabularyStringType

The Type field refers to the specific type of malware entity that the indicator or signature is written against.

This field is implemented through the xsi:type controlled vocabulary extension Capability. The default vocabulary type is MalwareEntityTypeVocab-1.0 in the http://maec.mitre.org/default_vocabularies-1 namespace. This type is defined in the maec_default_vocabularies.xsd file or at the URL http://maec.mitre.org/XMLSchema/default_vocabularies/1.0.0/maec_default_vocabularies.xsd.

Name0..1 string

The Name field refers to the name of the malware instance, malware family, or malware class that the indicator or signature is written against.

Description0..1 string

The Description field is intended to provide a brief description of the entity that the indicator or signature is written against.