Mbc newsletter

README.md

@@ -1,5 +1,5 @@
 # <a name="mbc"></a>Malware Behavior Catalog v2.2 #
-The Malware Behavior Catalog (MBC) is a catalog of malware objectives and behaviors, created to support malware analysis-oriented use cases, such as labeling, similarity analysis, and standardized reporting. Please see the [FAQ](./yfaq/README.md) page for answers to common questions.
+The Malware Behavior Catalog (MBC) is a catalog of malware objectives and behaviors, created to support malware analysis-oriented use cases, such as labeling, similarity analysis, and standardized reporting. Please see the [FAQ](./yfaq/README.md) page for answers to common questions, and read the [newsletters](./ynewsletters/README.md) for information on the most recent MBC updates and activity.
 
 Check out the MBC presentations:
 

anti-behavioral-analysis/sandbox-detection.md

@@ -47,7 +47,7 @@ Malware Examples
 |[**Rombertik**](../xample-malware/rombertik.md)|2015|The malware check for sandboxes that suppress errors returned from API routine calls the using ZwGetWriteWatch routine. [[6]](#6)|
 
 
-Code Snippets
+<a name="snippet"><a/>Code Snippets
 -------------
 **Sandbox Detection::Product Key/ID Testing** (B0007.005) - the value 55274-640-2673064-23950 corresponds to Joe Sandbox.
 ```asm

yfaq/README.md

@@ -23,6 +23,7 @@
     - MBC v2.0 was released in September 2020 and includes micro-behaviors and changes associated with [ATT&CK sub-techniques](https://attack.mitre.org/resources/updates/updates-july-2020/index.html).
     - MBC v2.1 was released in February 2021 and includes additional micro-behaviors and behavior methods.
     - MBC v2.2 was released in February 2022 and includes additional micro-behaviors and behavior methods. Added code snippets to certain methods.
+	- MBC v2.3 was released in September 2022 and aligns with ATT&CK v11 and includes an updated malware corpus.
 
 * **MBC Website** - An MBC website will eventually replace markdown documents.
 

ynewsletters/09092022.md

@@ -0,0 +1,27 @@
+# <a name="faq"></a>Malware Behavior Catalog Newsletter # 
+**September 9, 2022**
+
+Hello all!
+
+Highlights of recent MBC development include:
+
+* Released **MBC v2.3**, which aligns MBC with ATT&CK v11 (plus other updates*)
+* Released [v22.09](https://github.com/MBCProject/mbc-stix2/tree/v22.09) of the STIX 2 representation for MBC v2.3
+* Updated [capa](https://github.com/fireeye/capa) rules to map to MBC v2.3
+* Expanded MBC's [malware corpus](../xample-malware/README.md) of mapped malware examples
+* Began meeting with MBC users to understand their use cases
+
+Next, we'll be considering questions, such as whether the MBC's terminology should more closely match ATT&CK's. For example, should MBC "behaviors" instead be referred to as "techniques"? We'll also be expanding the malware corpus, as well as adding [code snippets](../anti-behavioral-analysis/sandbox-detection.md/#snippet) to MBC behavior pages. Please email us at [email protected] to let us know what you think. 
+
+**Please let us know if you're interested in meeting with our team. We'd love to get your feedback and understand your MBC use cases!**
+
+Other updates include:
+* Behavior/method descriptions enhanced
+* HTML tables fixed inside markdown
+* Histograms added for capa mappings
+* Malware corpus documentation expanded
+* READMEs updated
+* Markdown file names updated to match behavior names
+* ATT&CK technique identifiers added to links
+* Table of MBC behaviors added
+* Behavior page content (order and wording) updated for consistency

ynewsletters/README.md

@@ -0,0 +1,3 @@
+## <a name="faq"></a>Malware Behavior Catalog Newsletters ##
+
+<a href="./09092022.md">September 2022</a>