diff --git a/runtime-packer/machinetag.json b/runtime-packer/machinetag.json index f8e91d6..4ac69a0 100644 --- a/runtime-packer/machinetag.json +++ b/runtime-packer/machinetag.json @@ -1,10 +1,10 @@ { "namespace": "runtime-packer", "description": "Runtime or software packer used to combine compressed or encrypted data with the decompression or decryption code. This code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries.", - "version": 1, + "version": 2, "predicates": [ { - "value": "portable-executable", + "value": "pe", "expanded": "Portable Executable (PE)" }, { @@ -16,7 +16,7 @@ "expanded": "Executable Linkable Format (ELF)" }, { - "value": "mach-o", + "value": "macho", "expanded": "Mach-object (Mach-O)" }, { @@ -26,12 +26,91 @@ ], "values": [ { - "predicate": "portable-executable", + "predicate": "dex", + "entry": [ + { + "value": "apk-protect", + "expanded": "APK Protect" + }, + { + "value": "dexguard", + "expanded": "DexGuard" + }, + { + "value": "dexprotector", + "expanded": "DexProtector" + } + ] + }, + { + "predicate": "elf", + "entry": [ + { + "value": "bzexe", + "expanded": "BzExe" + }, + { + "value": "ezuri", + "expanded": "Ezuri" + }, + { + "value": "gzexe", + "expanded": "GzExe" + }, + { + "value": "midgetpack", + "expanded": "MidgetPack" + }, + { + "value": "pakkero", + "expanded": "Pakkero" + }, + { + "value": "papaw", + "expanded": "Papaw" + }, + { + "value": "shiva", + "expanded": "Shiva" + }, + { + "value": "upx", + "expanded": "UPX" + } + ] + }, + { + "predicate": "macho", + "entry": [ + { + "value": "eleckey", + "expanded": "ElecKey" + }, + { + "value": "muncho", + "expanded": "Muncho" + }, + { + "value": "mpress", + "expanded": "MPRESS" + }, + { + "value": "upx", + "expanded": "UPX" + } + ] + }, + { + "predicate": "pe", "entry": [ { "value": ".netshrink", "expanded": ".netshrink" }, + { + "value": "acprotect", + "expanded": "ACProtect" + }, { "value": "alienyze", "expanded": "Alienyze" @@ -40,10 +119,6 @@ "value": "apack", "expanded": "aPack" }, - { - "value": "apk-protect", - "expanded": "APK Protect" - }, { "value": "armadillo", "expanded": "Armadillo" @@ -53,13 +128,17 @@ "expanded": "ASPack" }, { - "value": "aspr-asprotect", - "expanded": "ASPR (ASProtect)" + "value": "asprotect", + "expanded": "ASProtect" }, { "value": "autoit", "expanded": "AutoIT" }, + { + "value": "axprotector", + "expanded": "AxProtector" + }, { "value": "bero", "expanded": "BeRo EXE Packer" @@ -77,21 +156,29 @@ "expanded": "Code Virtualizer" }, { - "value": "dexguard", - "expanded": "DexGuard" - }, - { - "value": "dexprotector", - "expanded": "DexProtector" + "value": "confuserex", + "expanded": "ConfuserEx" }, { "value": "dotbundle", "expanded": "dotBundle" }, + { + "value": "dragon-armor", + "expanded": "Dragon Armor" + }, + { + "value": "eleckey", + "expanded": "ElecKey" + }, { "value": "enigma-protector", "expanded": "Enigma Protector" }, + { + "value": "enigma-virtual-box", + "expanded": "Enigma Virtual Box" + }, { "value": "exe-bundle", "expanded": "EXE Bundle" @@ -100,6 +187,10 @@ "value": "exe-stealth", "expanded": "EXE Stealth" }, + { + "value": "exe32pack", + "expanded": "EXE32Pack" + }, { "value": "expressor", "expanded": "eXPressor" @@ -109,8 +200,12 @@ "expanded": "FSG" }, { - "value": "gzexe", - "expanded": "GzExe" + "value": "hxor-packer", + "expanded": "hXOR Packer" + }, + { + "value": "jdpack", + "expanded": "JDPack" }, { "value": "kkrunchy", @@ -124,10 +219,26 @@ "value": "mew", "expanded": "MEW" }, + { + "value": "molebox", + "expanded": "MoleBox" + }, + { + "value": "morphine", + "expanded": "Morphine" + }, { "value": "mpress", "expanded": "MPRESS" }, + { + "value": "neolite", + "expanded": "Neolite" + }, + { + "value": "netcrypt", + "expanded": "NetCrypt" + }, { "value": "nspack", "expanded": "NSPack" @@ -136,6 +247,10 @@ "value": "obsidium", "expanded": "Obsidium" }, + { + "value": "packman", + "expanded": "Packman" + }, { "value": "pecompact", "expanded": "PECompact" @@ -144,6 +259,10 @@ "value": "pelock", "expanded": "PELock" }, + { + "value": "pepacker", + "expanded": "PE Packer" + }, { "value": "peshield", "expanded": "PEShield" @@ -156,6 +275,10 @@ "value": "petite", "expanded": "PEtite" }, + { + "value": "procrypt", + "expanded": "ProCrypt" + }, { "value": "rlpack-basic", "expanded": "RLPack Basic" @@ -164,10 +287,22 @@ "value": "smart-packer-pro", "expanded": "Smart Packer Pro" }, + { + "value": "squishy", + "expanded": "Squishy" + }, + { + "value": "telock", + "expanded": "Telock" + }, { "value": "themida", "expanded": "Themida" }, + { + "value": "thinstall", + "expanded": "Thinstall" + }, { "value": "upack", "expanded": "UPack"