Latest MAEC News

Subscribe to our free MAEC Announce e-newsletter to receive information and updates directly in your mailbox. Please email us at maec@mitre.org to subscribe.

Our latest news:

Changes to MAEC Email Subscriptions Coming in Early 2018

The email server currently used for the MAEC Community Email Discussion List and MAEC Announce e-newsletter is being replaced in early 2018.

Although you don’t need to do anything, this announcement is being made now so that you will be aware of the change since MAEC messages will be coming from a new email address. You will automatically be transferred to the new subscriber list.

What will change:

Old Email List Sender Address	New Email List Sender Address
maec-discussion-list@lists.mitre.org	maec-discussion-list@mitre.org
maec-announce-list@lists.mitre.org	maec-announce-list@mitre.org

We will also send a message from each list after the changeover occurs, so you can add the new email address(es) to your safe senders list.

In addition, we will create a new archive on Nabble for the new “maec-discussion-list@mitre.org” when the time comes so all new messages on the new email discussion list will continue to be publicly archived for review by the MAEC Community. The previous archive will also be retained for historical purposes. We will notify you once the new discussion archive is created.

Please contact maec@mitre.org with any comments or concerns.

MAEC Version 5.0 Specifications Now Available in Slate

The relevant portions of the MAEC 5.0 Specifications have been ported into the Slate API document generator and are now available at: http://maecproject.github.io/documentation/maec5-docs/.

This new section of the MAEC website presents key concepts from the MAEC 5.0 Core Concepts and Vocabularies specifications in an easy-to-read format, and is searchable. And while this version of the specifications in Slate is not meant to supplant the complete versions of the specifications, it will hopefully be a useful reference for MAEC 5.0.

Please check out the new section of the MAEC website and let us know what you think on the MAEC Community Email Discussion List, or directly to maec@mitre.org.

MAEC Website Updated for MAEC Version 5.0

The MAEC website has been fully updated for MAEC Version 5.0, with new or revised content in the Getting Started, Releases, Documentation, and About MAEC sections.

Please check out the updated sections and let us know what you think on the MAEC Community Email Discussion List, or directly to maec@mitre.org.

“MAEC 5.0” Now Available!

Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 is now available in the Releases section of the MAEC website.

The most significant changes in the MAEC 5.0 release include: a more graph-based approach through the definition of MAEC top-level objects and MAEC relationships; JSON serialization, which significantly reduces the size and complexity of MAEC documents and allows for better integration with other applications; a single standardized output format (the MAEC Package); a new object for capturing properties associated with malware families; a new type for capturing metadata about signatures and rules (e.g., YARA rules) triggered by a malware instance; and a new type for capturing details of how a malware instance is obfuscated. A complete list of changes is available in Section 1.2 of the MAEC 5.0 “Core” Specification.

MAEC 5.0 includes the following:

• MAEC 5.0 “Core” Specification
• MAEC 5.0 “Vocabularies” Specification
• A full set of JSON schemas that correspond with the specifications
• A Cuckoo Sandbox 2.x reporting module that produces native MAEC 5.0 output

Feedback or questions about this release are welcome on the MAEC Community Email Discussion List, or directly to maec@mitre.org.

“MAEC 5.0 (Draft)” Released for Community Review & Comment

MAEC 5.0 (Draft) is now available for community review and comment. All comments are due by September 29, 2017.

MAEC 5.0 (Draft) includes the following:

• MAEC 5.0 (Draft) “Core” Specification
• MAEC 5.0 (Draft) “Vocabularies” Specification
• A full set of JSON schemas that correspond with the specifications
• A Cuckoo Sandbox 2.x reporting module that produces native MAEC 5.0 output

We are particularly interested in hearing about anything that might be confusing or under-specified in the specifications.

Feedback is welcome on the MAEC Community Email Discussion List, or directly to maec@mitre.org.

MAEC 5.0 Release Timeline Updated

The timeline for the release of Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 has been updated:

• Draft Release - August 2017
  • This will be a draft version of MAEC 5.0 that will still be open for comment and feedback.
  • Included will be the specification and vocabularies, JSON schemas, and Cuckoo 2.0.x output module.
• Final Release - September 2017
  • This is the final release version that will incorporate any comments/feedback during the draft phase.
  • Included will be the finalized specification and vocabularies, JSON schemas, and Cuckoo 2.0.x output module.

Please contact us at maec@mitre.org with any comments or concerns.

1 New Product Added to “MAEC Supporters” List from EclecticIQ

One additional product has been added to the MAEC Supporters list on the MAEC website: (1) EclecticIQ’s Threat Intelligence Platform.

As cited on EclecticIQ’s website, the EclecticIQ Platform includes support for industry standards such as Malware Attribute Enumeration and Characterization (MAEC™), Structured Threat Information Expression (STIX™), Trusted Automated eXchange of Indicator Information (TAXII™), and others.

To add your product to the MAEC Supporters list, please email us at maec@mitre.org.

“MAEC Supporters” Page Added to MAEC Website

A MAEC Supporters page has been added to the MAEC website. The new page lists those vendors to-date that have implemented Malware Attribute Enumeration and Characterization (MAEC™) in their products or services:

• Sandboxes – 3 products from 3 vendors currently listed
• Virtualization Sandboxing – 1 product currently listed
• Static Analysis – 1 product currently listed
• Threat Intelligence Platforms – 1 product currently listed

To add your product to the list, please email us at maec@mitre.org.

MAEC 5.0 Working Call on April 12 to Focus on “Vocabularies”

The main topic of our 1-hour bi-weekly community working call on April 12, 2017 for the development of Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 will be the Vocabularies.

Next MAEC 5.0 Working Call Scheduled for April 12

Our next 1-hour bi-weekly community working call for the development of Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 will be held on Aprl 12, 2017. Call details and the agenda topic(s) will be announced closer to the day. More»>

MAEC 5.0 Working Call on March 29 to Focus on Five MAEC 5.0 Specification Topics

The main topics of our 1-hour bi-weekly community working call on March 29, 2017 for the development of Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 will be the five remaining open items in the MAEC 5.0 specification: API call parameter values, Distance measures, Actions, Malware Instances, and Packages. Read the detailed agenda.

Next MAEC 5.0 Working Call Scheduled for March 29

Our next 1-hour bi-weekly community working call for the development of Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 will be held on March 29, 2017. Call details and the agenda topic(s) will be announced closer to the day. More»>

MAEC 5.0 Working Call on March 15 to Focus on “Collections” & “Relationships”

The main topics of our 1-hour bi-weekly community working call on March 15, 2017 for the development of Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 will be two top-level entities: Collections and Relationships.

Next MAEC 5.0 Working Call Scheduled for March 15

Our next 1-hour bi-weekly community working call for the development of Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 will be held on March 15, 2017. Call details and the agenda topic(s) will be announced closer to the day. More»>

MAEC 5.0 Working Call on February 27 to Focus on the Malware Instance Object “StaticFeaturesType” & “AnalysisMetadataType”

The main topics of our 1-hour bi-weekly community working call on February 27, 2017 for the development of Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 are the Malware Instance Object StaticFeaturesType and AnalysisMetadataType.

Next MAEC 5.0 Working Call Scheduled for February 22

Our next 1-hour bi-weekly community working call for the development of Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 will be held on February 22, 2017. Call details and the agenda topic(s) will be announced closer to the day. More»>

MAEC 5.0 Working Call on February 1 to Focus on the “Malware Family Data Model”

The main topic of our 1-hour bi-weekly community working call on February 1, 2017 for the development of Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 is the Malware Family data model.

Visit our MAEC 5.0 Working Calls page for the detailed agenda and dial-in instructions.

Next MAEC 5.0 Working Call Scheduled for February 1

Our next 1-hour bi-weekly community working call for the development of Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 will be held on February 1, 2017. Call details and the agenda topic(s) will be announced closer to the day. More»>

MAEC 5.0 Working Call on January 11 Focused on the “Data Models Mind Map”

The main topic of our 1-hour bi-weekly community working call on January 11, 2017 for the development of Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 was the mind map for the Data Models. More»>

MAEC 5.0 Working Call on December 14 Focused on the “Malware Instance”

The main topic of our 1-hour bi-weekly community working call on December 14, 2016 for the development of Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 was the Malware Instance. More»>

MAEC 5.0 Working Call on November 30 to Focus on Two Topics: “Capabilities” and “Structural Features”

The main topics of our 1-hour bi-weekly community working call on November 30, 2016 for the development of Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 are Capabilities and Structural Features. More»>

Next MAEC 5.0 Working Call Scheduled for November 30

Our next 1-hour bi-weekly community working call for the development of Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 will be held on November 30, 2016. Call details and the agenda topic(s) will be announced closer to the day. More»>

MAEC 5.0 Working Call on November 9 to Focus on Two Topics: “Malware Action” and “Behavior”

The main topics of our 1-hour bi-weekly community working call on November 9, 2016 for the development of Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 are Malware Action and Behavior. More»>

Next MAEC 5.0 Working Call Scheduled for November 9

Our next 1-hour bi-weekly community working call for the development of Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 will be held on November 9, 2016. Call details and the agenda topic will be announced closer to the day. More»>

MAEC 5.0 Working Call on October 26 to Focus on the “Malware Instance Object”

The main topic of our 1-hour bi-weekly community working call on October 26, 2016 for the development of Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 is the Malware Instance Object. More»>

Next MAEC 5.0 Working Call Scheduled for October 26

Due to scheduling issues the October 12 call was cancelled. Our next 1-hour bi-weekly community working call for the development of Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 will be held on October 26, 2016. Call details and the agenda topic will be announced closer to the day. More»>

Join Us at Virus Bulletin International Conference 2016 on October 5-7, 2016

Members of the MAEC Team will be attending Virus Bulletin International Conference (VB2016) on October 5-7, 2016 in Denver, Colorado, USA. We look forward to seeing you there! More»>

MAEC 5.0 Working Call on September 28 to Focus on the “Malware Family Object”

The main topic of our first 1-hour bi-weekly community working call on September 28, 2016 for the development of Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 is the Malware Family Object. More»>

“MAEC 5.0 Working Session” Calls Moving to Bi-Weekly Schedule Beginning September 28

Beginning September 28, 2016, the MAEC Team will be hosting the first of a series of 1-Hour, Bi-Weekly Working Session Calls for Malware Attribute Enumeration and Characterization (MAEC™) Version 5.0 that will each focus in-depth on a single discussion topic. More»>

Materials from Second MAEC Version 5.0 Community Working Call Now Available

The presentation slides, as well links to the specification documents and other materials, from the working call held on September 14, 2016 are now available. More»>

MAEC to Hold Second Community Working Call for MAEC Version 5.0 on September 14

We are hosting the second “Malware Attribute Enumeration and Characterization (MAEC™) 5.0 Working Session” community call focusing on the next version of MAEC Language on September 14, 2016. More»>

python-maec Version 4.1.0.13 Now Available

python-maec Version 4.1.0.13 is now available for download from PyPI, and to view the source code in the MAECProject repository on GitHub.com. More»>

MAEC to Schedule Second Community Working Call for MAEC 5.0

We are looking to schedule the next working call. Please respond to our Doodle poll announced on August 8 to let us know your availability. More»>

MAEC Holds First-Ever Community Working Call for MAEC Version 5.0 on July 20

Our first “Malware Attribute Enumeration and Characterization (MAEC™) 5.0 Working Session” community call focusing on the next version of MAEC Language was held on July 20, 2016. More»>