GeneratedsSuper | |||
GDSParseError | |||
MixedContainer | |||
MemberSpec_ | |||
BundleType BundleType is intended to serve as the high-level construct under which all other MAEC elements reside. |
|||
BehaviorCollectionType BehaviorCollectionType is intended to provide a mechanism for characterizing collections of behaviors. The name attribute contains the name of the behavior collection, if applicable. |
|||
BehaviorType BehaviorType is intended to serve as a method for the characterization of malicious behaviors found or observed in malware. |
|||
BehaviorReferenceType BehaviorReferenceType is intended to serve as a method for linking to behaviors. The behavior_id attribute refers to the ID of the behavior being referenced. The type attribute refers to the type of behavior entity that is being referenced. |
|||
ActionCollectionType ActionCollectionType is intended to provide a method for characterizing collections of actions. |
|||
ActionType ActionType is intended to serve as a method for the characterization of actions found or observed in malware. |
|||
ActionReferenceType ActionReferenceType is intended to serve as a method for linking to actions. The action_id attribute refers to the ID of the action being referenced. The type field refers to the type of action entity that is being referenced. |
|||
ObjectType ObjectType is intended to serve as a method for the characterization of any entities that actions and behaviors operate on or are associated with. The object_name attribute specifies the name of the object, if applicable. The type attribute is intended to characterize the type of object being characterized in this element. |
|||
EffectType EffectType is intended to serve as a method for the characterization of the results of successfully executed actions and behaviors. |
|||
EffectCollectionType EffectCollectionType is intended to provide a mechanism for characterizing collections of effects. |
|||
EffectReferenceType EffectReferenceType is intended to serve as a method for linking to effects. The effect_id attribute refers to the ID of the effect being referenced. The type attribute refers to the type of effect entity that is being referenced. |
|||
StructuredTextType | |||
Block Block is a Structured_Text element consisting of one of Text_Title, Text, Code_Example_Language, or Code followed by another Block element. |
|||
ActionImplementationType ActionImplementationType is intended to serve as a method for the characterization of action implementations. |
|||
CPESpecificationType CPESpecificationType is a modularized data type intended for providing a consistent approach to uniquely specifying the identity of a specific platform using the Common Platform Enumeration (CPE) naming standard. |
|||
APICallType APICall_ParameterType is intended to provide a method for the characterization of API calls, namely functions and their parameters. The apifunction_name attribute contains the exact name of the API function called. |
|||
ToolType ToolType is intended to provide a way of characterizing any tools used in the analysis of malware. |
|||
AnalysisType AnalysisType is intended to provide a way of characterizing typical malware analysis-related metadata, such as the subject of the analysis and when it was started. The analysis_method attribute is intended to provide a way of characterizing the type of analysis method used in the analysis element. |
|||
ObjectReferenceType ObjectReferenceType is intended to serve as a method for linking to objects. The object_id attribute refers to the ID of the object being referenced. This attribute refers to the type of object entity being referenced. |
|||
CVEVulnerabilityType CVEVulnerabilityType is intended to provide a way of referencing specific vulnerabilities that malware exploits or attempts to exploit via a Common Vulnerabilities and Exposures (CVE) identifier. |
|||
ObjectCollectionType ObjectCollectionType is intended to provide a mechanism for characterizing collections of effects. |
|||
DataType DataType is intended to provide a relatively abstract way of characterizing data segments that may be written/read/transmitted or otherwise utilized in actions or behaviors. |
|||
CodeType CodeType is intended to provide a way of characterizing segments of malicious code that are extracted or otherwise retrieved from malware. The codetype attribute is intended to provide a way of specifying the type of code being characterized. |
|||
DiscoveryMethod DiscoveryMethod is intended to provide a mechanism for the characterization of how actions, behaviors, malicious code, data segments, and other relevant MAEC entities were discovered. The tool_id attribute contains the id of the tool used to discover the entity (if applicable). The method attribute contains the method used to discover the entity. |
|||
HashType HashType is intended as a way of characterizing the outputs of cryptographic hash functions. The type attribute refers to the type of hash used in the Hash_Value element. |
|||
PEDataDirectoryStruct PEDataDirectoryStruct is intended as a container for the attributes present in a PE binary's data directory structure. |
|||
PESectionHeaderStruct PESectionHeaderStruct is intended as a container for the attributes present in a PE binary's section header structure. |
|||
PEStringType PEStringType is intended as a container for strings extracted from PE binaries. The address attribute refers to the location of the specified string in the PE binary. The encoding attribute refers to the encoding method used for the string extracted from the PE binary. |
|||
PEImportType PEImportType is intended as a container for the attributes relevant to PE binary imports. The type attribute refers to the type of import, with regard to being initially visible or hidden in relation to PE binary packing. |
|||
PEExportType PEExportType is intended as a container for the attributes relevant to PE binary exports. |
|||
PESectionType PESectionType is intended as a container for the attributes relevant to PE binary sections. |
|||
PEResourceType PEResourceType is intended as a container for the attributes relevant to PE binary resources. The type attribute refers to the type of data referred to by this resource. |
|||
malwareMetaData This is the top-level element for the XML document. |
|||
fileObject Object definition for files. |
|||
registryObject Registry object. |
|||
entityObject Entity Object. |
|||
uriObject URI object. |
|||
IPObject IP object. |
|||
IPAddress IP address: a string for the actual address and an attribute that is either ipv4 or ipv6. |
|||
domainObject Domain object, used to hold internet domains, e.g. yahoo.com. |
|||
ASNObject Object used to hold information on Autonomous System Numbers. |
|||
classificationObject Classification object, used to hold names or classifications of objects. |
|||
fieldDataEntry Data structure to hold prevalence information. |
|||
reference Reference element used to hold XPath expressions to objects, for example file[@id="12345"]. |
|||
property A property. |
|||
objectProperty Property; a reference to the object, a timestamp and an unbounded set of properties. |
|||
relationship Relationships are used to express relationships between objects, and dates. |
|||
AnalysesType | |||
BehaviorsType | |||
ActionsType | |||
PoolsType | |||
Behavior_Collection_PoolType | |||
Behavior_PoolType | |||
Action_Collection_PoolType | |||
Action_PoolType | |||
Object_PoolType | |||
Effect_PoolType | |||
Object_Collection_PoolType | |||
EffectsType | |||
PurposeType | |||
Attempted_Vulnerability_ExploitType This field refers to whether the vulnerability that is being exploited is known or unknown. |
|||
ActionsType1 | |||
ObjectsType | |||
EffectsType1 | |||
Related_BehaviorsType | |||
Related_BehaviorType | |||
Nature_of_Relationship This field defines the relationship between the characterized behavior and the one being referenced. |
|||
EffectsType2 | |||
Action_InitiatorType This attribute is used to state the type of object which initiated the action. |
|||
ObjectsType1 | |||
EffectsType3 | |||
Related_ActionsType | |||
Related_ActionType | |||
Object_SizeType This attribute represents the Units used in the object size field. |
|||
ClassificationsType | |||
Associated_CodeType | |||
Associated_Code_SnippetType | |||
Nature_Of_Relationship This field defines the relationship between the object and code segment referenced in this element. |
|||
Related_ObjectsType | |||
Related_ObjectType | |||
File_System_Object_AttributesType | |||
PathType This attribute refers to the type of path that this element refers to. |
|||
HashesType | |||
File_TypeType The type attribute is meant to provide a general way of characterizing file type, through MAEC's FileType enumeration. |
|||
TrID_TypeType | |||
PackingType The is_packed attribute is used to indicate whether the file system object is packed or not. |
|||
Packer_TypeType This is intended to characterize the type of packer characterized in this element. |
|||
File_Type_AttributesType | |||
PE_Binary_AttributesType The type attribute is used to define the type of PE file being characterized. |
|||
Version_BlockType | |||
HeadersType | |||
DOS_HeaderType | |||
HashesType1 | |||
PE_HeaderType | |||
HashesType2 | |||
File_HeaderType | |||
HashesType3 | |||
Optional_HeaderType | |||
HashesType4 | |||
Data_DirectoryType | |||
Section_TableType | |||
StringsType | |||
ImportsType | |||
ExportsType | |||
ResourcesType | |||
SectionsType | |||
Digital_CertificatesType | |||
CertificateType This boolean attribute represents whether the digital certificate is valid or not. |
|||
GUI_Object_AttributesType | |||
IPC_Object_AttributesType | |||
Event_Type The Event_Type field contains the event type of an IPC event object. |
|||
Internet_Object_AttributesType | |||
Module_Object_AttributesType | |||
Library_Type The Library_Type field contains the type of library object that is being characterized. |
|||
Registry_Object_AttributesType | |||
ValueType This field refers to the data type of the registry value being characterized in this element. |
|||
Process_Object_AttributesType | |||
Child_ProcessesType | |||
HandlesType | |||
HandleType | |||
Memory_Object_AttributesType | |||
Network_Object_AttributesType | |||
Socket_Type The Socket_Type field contains the socket type for socket network objects. |
|||
Daemon_Object_AttributesType | |||
Service_Type The Service_Type field contains the type of the service object. |
|||
Custom_Object_AttributesType | |||
Custom_AttributeType The custom_attribute_name attribute contains the name of the custom attribute. |
|||
Affected_ObjectsType | |||
Affected_ObjectType | |||
Constituent_EffectsType | |||
Vulnerability_ExploitType This field refers to whether the vulnerability that is being exploited is known or unknown. |
|||
ImagesType | |||
ImageType | |||
ImagesType1 | |||
ImageType1 | |||
ImagesType2 | |||
ImageType2 | |||
File_System_Action_AttributesType | |||
IPC_Action_AttributesType | |||
Process_Action_AttributesType | |||
Memory_Action_AttributesType | |||
Registry_Action_AttributesType | |||
Network_Action_AttributesType | |||
Module_Action_AttributesType | |||
Daemon_Action_AttributesType | |||
Enumerated_DaemonsType | |||
System_Action_AttributesType | |||
Internet_Action_AttributesType | |||
TitleType This field holds a shortform descriptor for the language that the Title field is expressed in. |
|||
meta_item_metadataType The modification-date attribute represents the last time that any CPE property has been modified. The status attribute contains the internal NVD status of a CPE. The nvd-id attribute contains the NVD specific unique identifier for a CPE. |
|||
APICall_ParameterType This attribute refers to the ordinal position of the API function call parameter with respect to the function itself. |
|||
SubjectType | |||
AnalystsType | |||
SourceType | |||
Analysis_EnvironmentType | |||
Enivironment_VariablesType | |||
Environment_VariableType | |||
Tools_UsedType | |||
NotesType | |||
Data_SizeType This attribute represents the Units used in the object size field. |
|||
HashesType5 | |||
HashesType6 | |||
Imported_FunctionsType | |||
Imported_FunctionType | |||
Header_HashesType | |||
Data_HashesType | |||
HashesType7 | |||
objectsType | |||
objectPropertiesType | |||
relationshipsType | |||
fieldDataType | |||
extraHashType | |||
classificationDetailsType | |||
referencesType | |||
volumeType | |||
locationType | |||
referencesType1 | |||
sourceType | |||
targetType |
Generated by Epydoc 3.0.1 on Mon Apr 7 13:27:47 2014 | http://epydoc.sourceforge.net |