News and Events

Our MAEC News Coverage Is Now Located in Our Combined "STIX-TAXII-CybOX-MAEC News/Blog"

April 14, 2015

All coverage of news about MAEC has been moved to our new combined "STIX-TAXII-CybOX-MAEC News/Blog" at http://stixproject.tumblr.com/. The combined blog allows readers to subscribe via RSS, and enhances the ability of readers to share posts.

Please join us at this new location for the latest news about MAEC.

MAEC Mentioned in Article about Malware Research Presentations at Black Hat Asia 2015 on DarkReading.com

February 27, 2015

Malware Attribute Enumeration and Characterization (MAEC™) is mentioned in a February 26, 2015 article entitled "Black Hat Asia 2015: Target: Malware" on DarkReading.com.

The main topic of the article is the upcoming Black Hat Asia 2015 conference being held on March 24-27, 2015 in Singapore, and how "Hostile software is ever evolving, and Black Hat-associated research is one of the key loci of information on monitoring, defending against, and nullifying it. With that in mind, today we'll preview a quartet of interesting malware-related Briefings from Black Hat Asia 2015."

MAEC is mentioned with regard to one of the malware-related briefings, when the author states: "The Security Content Automation Protocol (SCAP) comprises a number of open standards meant to enumerate system vulnerabilities and malware characteristics via components like Common Vulnerabilities and Exposures (CVE), Common Configuration Enumeration (CCE), and Malware Attribute Enumeration and Characterization (MAEC), which all capture high-fidelity data in XML. Unfortunately, their XML schemes lack mutual compatibility, making deeper cross-analysis difficult. Security Content Metadata Model with an Efficient Search Methodology for Real Time Monitoring and Threat Intelligence proposes a low-impact way to modify these schema which will result in more powerful analyses that can resolve vulnerabilities before they're exploited."

MAEC, STIX, and TAXII Mentioned in Article about Security Stacks on The Register

February 27, 2015

Malware Attribute Enumeration and Characterization (MAEC™), Structured Threat Information Expression (STIX™), and Trusted Automated eXchange of Indicator Information (TAXII™) are mentioned in a November 7, 2014 article entitled "Security products: Best of breed or create your own monster? Beware the Frankenstack" on The Register.

The main topic of the article is that "IT security is not just about antivirus or firewall products anymore. There is a whole layer cake of different product types designed to protect your organisation in different ways. It is a stack, in much the same way as TCP-IP networking or web server functionality has stacks of functionality."

MAEC, STIX, and TAXII are mentioned in a section of the article entitled "Stitching parts together," which focuses on managing interoperability among different security information and event management tools. MAEC, STIX, and TAXII are mentioned as follows: "Other efforts are being made to create standard information exchange formats so that best-of-breed products can talk to each other more easily. The not-for-profit research company Mitre has two initiatives in play, both sponsored by the Department of Homeland Security: the Trusted Automated eXchange of Indicator Information (TAXII), and the Structured Threat Information eXpression (STIX). Other standards efforts in its arsenal include the MAEC language for exchanging malware information. TAXII defines protocols for exchanging cyber-threat information, while STIX is a common format for that information, including cyber-security incidents."

Python-MAEC Version 4.1.0.11 Now Available on GitHub.com

February 27, 2015

As of February 20, 2015, the source code for Python-MAEC Version 4.1.0.11 is available in the MAECProject repository on GitHub.com, and the release can be downloaded from the MAEC PyPI page. A complete list of changes is available in the difference report and release notes.

MAEC Output Framework Version 1.0.0-beta1 Now Available on GitHub.com

February 27, 2015

As of December 30, 2014, the source code for MAEC Output Framework Version 1.0.0-beta1 is available in the MAECProject repository on GitHub.com. The MAEC Output Framework is a Python framework/utility that can combine the output of multiple MAEC-enabled utilities for a single binary/MD5 into a single MAEC Malware Subject and Package. For example, given an input MD5 hash, the utility will look for reports for this MD5 in the online repositories of VirusTotal and ThreatExpert, generate the MAEC output for these reports if found, and write the combined output to a single MAEC Package. It also supports host-based analysis tools such as PEFile (through the associated PEFile-to-MAEC utility), and can accordingly accept a binary (i.e., file) as input.

MAEC-to-STIX Version 1.0.0-alpha1 Now Available on GitHub.com

February 27, 2015

As of December 23, 2014, the source code for MAEC-to-STIX Version 1.0.0-alpha1 is available in the MAECProject repository on GitHub.com, and the release can be downloaded from the MAEC PyPI page. The MAEC-to-STIX library provides APIs and scripts that can wrap Malware Attribute Enumeration and Characterization (MAEC™) content in Structured Threat Information Expression (STIX™). MAEC-to-STIX also provides the capability to automatically extract STIX Indicators from dynamic analysis/sandbox data captured in MAEC, a process which is highly configurable and includes some post-processing to help eliminate false positives that may result from such machine-generated data. Documentation for this release is hosted on ReadTheDocs.org.

PEFile-to-MAEC Version 1.0.0-beta1 Now Available on GitHub.com

February 27, 2015

As of November 26, 2014, the source code for PEFile-to-MAEC Version 1.0.0-beta1 is available in the MAECProject repository on GitHub.com. The PEFile-to-MAEC Python library converts output from the PEFile utility to MAEC XML content. The output of PEFile is useful for malware analysis. Documentation for this release is available on GitHub.com.

Page Last Updated: April 14, 2015