Idioms for MAEC Version 4.1

Basic Analysis Data Capture MAEC Version 4.1

This Idiom demonstrates how to capture analysis-derived data relating to a single malware instance, such as the actions that it performed, through the use of the MAEC Bundle entity.

Basic Malware Instance Characterization MAEC Version 4.1

This Idiom demonstrates how to capture basic information about a single malware instance using the MAEC Package, through the use of its Malware Subject entity.

Basic Analysis Metadata Capture MAEC Version 4.1

This Idiom demonstrates how to capture basic metadata associated with a particular analysis performed on a malware instance, through the use of the Analysis entity.

Static Analysis Capture MAEC Version 4.1

This Idiom describes the process of capturing the results of static analysis performed on some malware instance, such as through the use of a PE file analysis tool.

Dynamic Analysis Capture MAEC Version 4.1

This Idiom describes the process of capturing the results of dynamic analysis performed on some malware instance, such as through the use of a malware sandbox tool.

Capturing In-depth Analysis Results MAEC Version 4.1

This Idiom describes the process of capturing results of in-depth malware analysis, such as that which characterizes the capabilities or behaviors exhibited by the malware.

AV Classification Capture MAEC Version 4.1

This Idiom describes the process of capturing the classifications as reported by anti-virus (AV) tools when executed against a particular malware instance.

Process Tree Capture MAEC Version 4.1

This Idiom describes the process of capturing an observed process tree of execution for a malware instance, as reported by a dynamic analysis or similar tool.

Capturing Related Malware MAEC Version 4.1

This Idiom describes the process of characterizing multiple malware instances and the relationships between them.