The PackageType is the namesake type of the MAEC Package schema, and captures either a single Malware Subject, or a collection of Malware Subjects that are related in some way (even if exact details of the relationship are unknown). Unlike the MAEC Bundle, which captures only the MAEC-characterized analysis results for a malware instance, the Package permits the capture of additional metadata relating to the analysis, relationships between Malware Subjects, and similar types of entities.
The required id field specifies a unique ID for this Package.
The required schema_version field specifies the version of the MAEC Package schema that the document has been written in and that should be used for validation.
The timestamp field specifies the date/time that the Package was generated.
The Malware_Subjects field captures each of the Malware Subjects contained in the Package.
The Grouping_Relationships field specifies the particular relationships that serve to group the Malware Subjects encompassed in this Package. This is solely for cases where more than one Malware Subject is contained within the Package.