This document provides a detailed introduction to Version 4.1 of the Malware Attribute Enumeration and Characterization (MAEC™) Language, an overview of the MAEC Version 4.1 data models, a discussion of high-level use cases, requirements for Version 4.1 of the MAEC Language, and a discussion of open issues and challenges.
MAEC idioms describe how common patterns in malware analysis (for instance, capturing dynamic analysis results) are represented in MAEC Version 4.1. They're similar to programming language idioms in that they document common patterns for representing content in MAEC.
MAEC suggested practices (often called best practices) are guidelines that will help you create MAEC Version 4.1 content that conforms to the MAEC design goals and ensures the best compatibility with other MAEC tooling.
Version 4.1 of the MAEC Language is defined by three data models and a default set of controlled vocabularies.
We list malware features, whether identified statically, dynamically, or manually, that are commonly characterized with MAEC Version 4.1 and CybOX.
This document describes the use of the Malware Attribute Enumeration and Characterization (MAEC™) and Structured Threat Information eXpression (STIX™) languages in the context of malware characterization and malware metadata exchange. By describing the relationships between the languages and by providing details on each language's ability to capture malware-related information, this document answers the "When should I use MAEC Version 4.1, when should I use STIX, and when should I use both?" questions.