misp-taxonomies/maec-malware-obfuscation-methods/machinetag.json

{
  "namespace": "maec-malware-obfuscation-methods",
  "description": "Obfuscation methods used by malware based on MAEC 5.0",
  "version": 1,
  "predicates": [
    {
      "value": "maec-obfuscation-methods",
      "expanded": "MAEC Obfuscation methods"
    }
  ],
  "values": [
    {
      "predicate": "maec-obfuscation-methods",
      "entry": [
        {
          "value": "packing",
          "expanded": "packing"
        },
        {
          "value": "code-encryption",
          "expanded": "code-encryption"
        },
        {
          "value": "dead-code-insertion",
          "expanded": "dead-code-insertion"
        },
        {
          "value": "entry-point-obfuscation",
          "expanded": "entry-point-obfuscation"
        },
        {
          "value": "import-address-table-obfuscation",
          "expanded": "import-address-table-obfuscation"
        },
        {
          "value": "interleaving-code",
          "expanded": "interleaving-code"
        },
        {
          "value": "symbolic-obfuscation",
          "expanded": "symbolic-obfuscation"
        },
        {
          "value": "string-obfuscation",
          "expanded": "string-obfuscation"
        },
        {
          "value": "subroutine-reordering",
          "expanded": "subroutine-reordering"
        },
        {
          "value": "code-transposition",
          "expanded": "code-transposition"
        },
        {
          "value": "instruction-substitution",
          "expanded": "instruction-substitution"
        },
        {
          "value": "register-reassignment",
          "expanded": "register-reassignment"
        }
      ]
    }
  ]
}