Some malware behaviors are low-level, support many objectives and other behaviors, and aren't necessarily malicious. For example, a TCP socket may be created or a string may be checked for some condition. Because such things are often noted in malware analysis, they are captured in MBC. They are called "micro-behaviors."
Like regular MBC behaviors, micro-behaviors are associated with objectives and can have methods that refine them. Micro-objectives are shown below.
Micro-objective | Description |
---|---|
Communication | Malware uses various protocols and components to communicate. |
Cryptography | Malware uses elements of cryptography. |
Data | Malware manipulates data. |
File System | Malware manipulates files or directories. |
Hardware | Malware has hardware-related behaviors. |
Memory | Malware manipulates memory. |
Process | Malware uses processes. |
Operating System | Malware makes changes to the operating system. |