This is the current release of MAEC.
The most significant changes in the MAEC 5.0 release include: a more graph-based approach through the definition of MAEC top-level objects and MAEC relationships; JSON serialization, which significantly reduces the size and complexity of MAEC documents and allows for better integration with other applications; a single standardized output format (the MAEC Package); a new object for capturing properties associated with malware families; a new type for capturing metadata about signatures and rules (e.g., YARA rules) triggered by a malware instance; and a new type for capturing details of how a malware instance is obfuscated. A complete list of changes is available in Section 1.2 of the MAEC 5.0 “Core” Specification.
This release of MAEC 5.0 includes the following:
The Cuckoo Sandbox 2.x reporting module produces native MAEC 5.0 output.