This Idiom demonstrates how to capture analysis-derived data relating to a single malware instance, such as the actions that it performed, through the use of the MAEC Bundle entity.
This Idiom demonstrates how to capture basic information about a single malware instance using the MAEC Package, through the use of its Malware Subject entity.
This Idiom demonstrates how to capture basic metadata associated with a particular analysis performed on a malware instance, through the use of the Analysis entity.
This Idiom describes the process of capturing the results of static analysis performed on some malware instance, such as through the use of a PE file analysis tool.
This Idiom describes the process of capturing the results of dynamic analysis performed on some malware instance, such as through the use of a malware sandbox tool.
This Idiom describes the process of capturing results of in-depth malware analysis, such as that which characterizes the capabilities or behaviors exhibited by the malware.
This Idiom describes the process of capturing the classifications as reported by anti-virus (AV) tools when executed against a particular malware instance.
This Idiom describes the process of capturing an observed process tree of execution for a malware instance, as reported through a dynamic analysis or similar tool.
This Idiom describes the process of characterizing multiple malware instances and the relationships between them.