MAEC 5.0 Malware obfuscation methods

maec-malware-obfuscation-methods/machinetag.json

@@ -0,0 +1,66 @@
+{
+  "namespace": "MAEC Obfuscation methods",
+  "description": "Obfuscation methods used by malware based on MAEC 5.0",
+  "version": 1,
+  "predicates": [
+    {
+      "value": "maec-obfuscation-methods",
+      "expanded": "MAEC Obfuscation methods"
+    }
+  ],
+  "values": [
+    {
+      "predicate": "maec-obfuscation-methods",
+      "entry": [
+        {
+          "value": "packing",
+          "expanded": "packing"
+        },
+        {
+          "value": "code-encryption",
+          "expanded": "code-encryption"
+        },
+        {
+          "value": "dead-code-insertion",
+          "expanded": "dead-code-insertion"
+        },
+        {
+          "value": "entry-point-obfuscation",
+          "expanded": "entry-point-obfuscation"
+        },
+        {
+          "value": "import-address-table-obfuscation",
+          "expanded": "import-address-table-obfuscation"
+        },
+        {
+          "value": "interleaving-code",
+          "expanded": "interleaving-code"
+        },
+        {
+          "value": "symbolic-obfuscation",
+          "expanded": "symbolic-obfuscation"
+        },
+        {
+          "value": "string-obfuscation",
+          "expanded": "string-obfuscation"
+        },
+        {
+          "value": "subroutine-reordering",
+          "expanded": "subroutine-reordering"
+        },
+        {
+          "value": "code-transposition",
+          "expanded": "code-transposition"
+        },
+        {
+          "value": "instruction-substitution",
+          "expanded": "instruction-substitution"
+        },
+        {
+          "value": "register-reassignment",
+          "expanded": "register-reassignment"
+        }
+      ],
+    }
+  ]
+}