Malware Visualization

In addition to capturing the output of one or more malware analyses, a MAEC Package can be used as a standard format to create visualizations of malware behavior. Owing to the graph-based nature of MAEC, such visualizations permit clear linkage of the low-level Malware Actions, mid-level Behaviors, and high-level Capabilities performed by malware and facilitate comparison between two or more malware instances or families.

While no visualization tools currently exist to display MAEC content, we expect that future tools will provide much needed insight to analysts for quickly identifying similarities between malware instances and between analysis outputs from different tools.