MAEC – Malware Attribute Enumeration & Characterization v1.1 released

International in scope and free for public use, MAEC™ is a standardized language for encoding and communicating high-fidelity information about malware based upon attributes such as behaviors, artifacts, and attack patterns.

By eliminating the ambiguity and inaccuracy that currently exist in malware descriptions and by reducing reliance on signatures, MAEC aims to improve human-to-human, human-to-tool, tool-to-tool, and tool-to-human communication about malware; reduce potential duplication of malware analysis efforts by researchers; and allow for faster development of countermeasures by making it possible to leverage responses to previously observed malware instances.

MAEC Language Version 1.1

Version 1.1 of the MAEC Language is now available on the Releases page on the MAEC Web site. This is the second release of the MAEC Schema and focuses on adding support for characterizing the results of static PE binary analysis, along with other minor additions and tweaks. Downloads and documentation for this release include the Version 1.1 Schema and the Version 1.1 Example Files.

Feedback on all of these items is welcome on the MAEC Development Group on Handshake, MAEC Discussion List, and/or

NJ Ouchn
