MAEC™ International in scope and free for public use, MAEC is a standardized language for encoding and communicating high-fidelity information about malware based upon attributes such as behaviors, artifacts, and attack patterns.

By eliminating the ambiguity and inaccuracy that currently exists in malware descriptions and by reducing reliance on signatures, MAEC aims to improve human-to-human, human-to-tool, tool-to-tool, and tool-to-human communication about malware; reduce potential duplication of malware analysis efforts by researchers; and allow for the faster development of countermeasures by enabling the ability to leverage responses to previously observed malware instances.


"MAEC Idioms" Now Available on

An initial set of MAEC Idioms is available in the MAEC Project Documentation Repository on "MAEC Idioms" are a set of common use cases that revolve around the representation of information and metadata surrounding malware, including the capture of specific types of analysis data (for example, "capturing static analysis data") and then show how such information could be represented in the MAEC Data Model. Each idiom is focused on a single scenario and includes a text write-up, block diagram, sample XML, and sample Python API code that shows you exactly how to represent that scenario.

We are actively looking to expand that initial set to include more concepts and to improve the concepts we have now. Please send suggestions or other feedback to

Page Last Updated: October 21, 2014