MAEC 3.0 is now available!

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

MAEC 3.0 is now available!

Kirillov, Ivan A.



I’m pleased to announce that version 3.0 of the MAEC language is now available:


MAEC v3.0 represents a major version of the MAEC language, and consists of three XML schemas:

  • Version 3.0 of the MAEC Bundle schema, a revised version of the v2.1 MAEC core schema, which also defined the Bundle. A MAEC Bundle is intended to capture all of the analysis derived characteristics for a single malware instance, including any observed MAEC Behaviors or Actions, and any related MAEC Objects.
  • Version 1.0 of the new MAEC Package schema. A MAEC Package is intended to characterize all known data for one or more malware instances, including their analysis derived characteristics (via MAEC Bundles) and any associated analysis or other metadata.
  • Version 1.0 of the new MAEC Container schema. A MAEC Container is intended to serve as a transport mechanism for one or more MAEC Packages.

Some of the new features in MAEC 3.0 include:

  • A significant structural re-organization of functionality and scope through the multiple MAEC schemas, thus permitting the use of only the particular schema(s) that are relevant to the individual end-user.
  • The ability to capture equivalences between identical Actions and Objects, for use as a single units as well as analytical observations, through the new MAEC Package.
  • The ability to explicitly capture the process tree for an executed malware instance, through the revised MAEC Bundle.
  • Many revisions to existing types, for the purpose of streamlining and clarifying their intent and use.
  • The import and usage of the Cyber Observables Expression (CybOX) v1.0 final.

For more information please see the detailed release notes or schema annotations linked to on the release page; also included are many more examples that are intended to highlight the new structures and features in MAEC v3.0. We welcome your comments, feedback, and questions.


Ivan Kirillov

MAEC Project

The MITRE Corporation