MAEC Overview

This document provides a brief introduction to Version 5.0 of the Malware Attribute Enumeration and Characterization (MAEC™) Language, an overview of the MAEC data models, a discussion of top-level objects, and an example MAEC Package.

Go »


MAEC Version 5.0 includes two specifications, the “Core” Specification and the “Vocabularies” Specification.

Go »


MAEC idioms describe how common patterns in malware analysis (for instance, capturing dynamic analysis results) are represented in MAEC. They're similar to programming language idioms in that they document common patterns for representing content in MAEC.

Idioms are included as an Appendix in the MAEC Version 5.0 “Core” Specification.

Go »

Use Cases

MAEC use cases illustrate how MAEC can be used in cybersecurity. High-level use cases are provided in three general areas: malware analysis, cyber threat analysis, and incident management.

Go »

Utilities and Developer Resources

Various utilities and other developer resources have been developed for working with MAEC. The collection includes translators as well as bindings and APIs.

Go »


We provide answers to frequently asked questions.

Go »