The initial version of the MAEC -> OVAL translator was done as a proof-of-concept, and as such only supports the creation of OVAL tests for file, directory, and registry objects that are defined as being created by the malware (via an Action) inside the MAEC Bundle. This was done to help eliminate false positives, as such artifacts are likely to be the ones that can be used for host-based detection.
The examples that you linked to do not have any such actions which is why you're seeing that output. We're in the process of updating the script to support MAEC v2.1 and additional OVAL objects, but if you'd like to use it in the meanwhile I'd recommend a sandbox translator for creating MAEC v1.1 output, e.g. ThreatExpert (https://github.com/MAECProject/Tools/tree/master/Scripts/threatexpert_to_maec/0.90%20(MAEC%201.1)), and then translating it into OVAL with the script. If the report defines any files, registry keys, or directories that are created, they should be converted into their appropriate OVAL representations.
The MITRE Corporation
From: [hidden email] [mailto:[hidden email]] On Behalf Of Veerendra GG
Sent: Thursday, August 16, 2012 6:47 AM
To: maec-discussion-list Malware Attribute Enumeration Discussion
Subject: maec_to_oval script is not working properly.