The MAEC team has been busy developing the next version of the MAEC, but I just wanted to let everyone know that we’re still alive and active.
The upcoming MAEC release, v2.0, has many significant changes. One of the biggest is our revising of our artifact model, where we’ve expanded vastly expanded the granularity and number of malicious artifacts that we’re able to characterize. On top of this, we’ve added support for managing malware indicators and signatures, streamlined the schema in various places, and made other improvements. More information on this will be released soon!
On the MAEC Handshake group, we’ve recently had a Python script uploaded by Blake Hartstein that allows comparison of MAEC files from multiple data sources (for example, different sandboxes). As such it allows you to determine any environmental dependencies exhibited by a particular source, and also provides you with a list of common objects between several data sources (captured in MAEC bundles). Very cool stuff.
There’s also been some discussion on MAEC use cases and how to tag MAEC elements and define releasibility of MAEC data, since some of it may be sensitive.
Again, if you wish to join the MAEC development group on Handshake (MITRE’s social collaboration portal), just send me an email and I’ll invite you.