MAEC Bundle

Introduction

The MAEC Bundle is a standard output format that can be used to describe a malware instance or malware components in terms of MAEC’s enumerations and schema.

The MAEC Bundle is a component of the initial release of the MAEC schema. All future releases of the MAEC Bundle will be posted here and announced on the News and Events page, in the MAEC Announce e-newsletter, on the MAEC Development Group on Handshake, and on the MAEC Discussion List.

MAEC’s Bundle

MAEC Bundle Overview

The MAEC Bundle is a standard output format of MAEC, intended to encompass any set of attributes obtained from the characterization of a malware instance. It therefore serves as a container and transport mechanism for storing and subsequently sharing any MAEC-encoded information about malware.

A MAEC Bundle could be used to describe anything from a particular insertion method (composed of several low-level observables and mid-level behaviors), to all of the attributes of a malware instance, to the key behaviors common to an entire malware family. To facilitate MAEC component re-use and structuring, the Bundle makes use of a ‘Pools’ type, which can be used to store collections of MAEC actions, objects, effects, and behaviors. For more detailed information on this and other types, please refer to the MAEC Schema or its associated HTML documentation.

Although a MAEC Bundle will be most useful when encompassing a set of malware attributes with a particular significance (like the insertion method or family behaviors mentioned above), it is intended to serve as a generic container for MAEC-characterized malware data. Therefore, it can be used with as little or as much information as desired; any further meaning beyond the explicit data stored in the bundle is determined by its producer.

Feedback Requested

We encourage members of the security community to participate in the development of MAEC on the MAEC Development Group on Handshake and MAEC Email Discussion List.

Page Last Updated: February 03, 2012