[MAEC] Capabilities/Behaviors Semantic MediaWiki


[MAEC] Capabilities/Behaviors Semantic MediaWiki

Kirillov, Ivan A.
All,

We’re pleased to announce that we’ve stood up the initial version of the MAEC Semantic MediaWiki for cataloguing and capturing malware capabilities, behaviors, structural features, and other relevant data: https://collaborate.mitre.org/maec

Here you can find our current hierarchy of behavioral and structural features that may be employed by malware. Our hope is that this will serve as a useful reference for malware researchers and the anti-malware community, providing a standard structure and nomenclature that can be referenced and used when characterizing malware. On that note, we will be rolling the data in the wiki into future versions of MAEC, so that there is a direct link between these structures/terms and a standardized way of capturing them. 

Furthermore, while all of the data in the wiki is freely accessible, it also supports the submission of new entries (as well as standard wiki features such as editing existing content and adding comments to pages) - together, we can “crowd-source” the capture of such data around malware! In order to submit new entries or edit content, you need to have a MITRE Partnership Network account – if you don’t have one already (e.g. from Handshake), please send me an email and I would be happy to send you an invitation.

The wiki is still a work in progress, so we would greatly welcome your feedback. Accordingly, we’ll be adding new features, including the ability to add particular instances/implementations of Behaviors, in the near future.

Regards,
Ivan Kirillov
MITRE

Re: [MAEC] Capabilities/Behaviors Semantic MediaWiki

Yoon, Chris

Ivan,

Thanks very much. This is great progress on MAEC.

Looking forward to adopting the Semantics of the MAEC into our program.

Chris

From: Kirillov, Ivan A. [mailto:[hidden email]]
Sent: Wednesday, June 17, 2015 11:59 AM
To: [hidden email]
Subject: [MAEC] Capabilities/Behaviors Semantic MediaWiki


Re: [MAEC] Capabilities/Behaviors Semantic MediaWiki

Kirillov, Ivan A.
Thanks Chris! Our team has wanted to stand up such a capability for some time, and it’s exciting to see it come to fruition.

Also, one other aspect of this Wiki that we hope will be useful is with regards to vocabulary management in relation to malware-specific terminology, particularly around aliases. Each entry allows you to define one or more aliases, e.g., “keylogging” for “capture keyboard input” [1].


Regards,
Ivan

From: Yoon, Chris <[hidden email]>
Reply-To: "Yoon, Chris" <[hidden email]>
Date: Wednesday, June 17, 2015 at 1:11 PM
To: maec-discussion-list Malware Attribute Enumeration Discussion <[hidden email]>
Subject: Re: [MAEC] Capabilities/Behaviors Semantic MediaWiki