MISP
/
misp-taxonomies
mirror of https://github.com/MISP/misp-taxonomies
2
0
Fork 0
Code Issues Releases Wiki Activity

jq'ed machinetag.json

pull/268/head
dhondta 2023-09-30 09:59:32 +02:00
parent 97aba06ca5
commit cb2132f32f
1 changed files with 337 additions and 337 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

674
runtime-packer/machinetag.json
View File

@ -1,337 +1,337 @@
{ {
"namespace": "runtime-packer", "namespace": "runtime-packer",
"description": "Runtime or software packer used to combine compressed or encrypted data with the decompression or decryption code. This code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries.", "description": "Runtime or software packer used to combine compressed or encrypted data with the decompression or decryption code. This code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries.",
"version": 2, "version": 2,
"predicates": [ "predicates": [
{ {
"value": "pe", "value": "pe",
"expanded": "Portable Executable (PE)" "expanded": "Portable Executable (PE)"
}, },
{ {
"value": "dex", "value": "dex",
"expanded": "Dalvik Executable (DEX)" "expanded": "Dalvik Executable (DEX)"
}, },
{ {
"value": "elf", "value": "elf",
"expanded": "Executable Linkable Format (ELF)" "expanded": "Executable Linkable Format (ELF)"
}, },
{ {
"value": "macho", "value": "macho",
"expanded": "Mach-object (Mach-O)" "expanded": "Mach-object (Mach-O)"
}, },
{ {
"value": "cli-assembly", "value": "cli-assembly",
"expanded": "CLI assembly" "expanded": "CLI assembly"
} }
], ],
"values": [ "values": [
{ {
"predicate": "dex", "predicate": "dex",
"entry": [ "entry": [
{ {
"value": "apk-protect", "value": "apk-protect",
"expanded": "APK Protect" "expanded": "APK Protect"
}, },
{ {
"value": "dexguard", "value": "dexguard",
"expanded": "DexGuard" "expanded": "DexGuard"
}, },
{ {
"value": "dexprotector", "value": "dexprotector",
"expanded": "DexProtector" "expanded": "DexProtector"
} }
] ]
}, },
{ {
"predicate": "elf", "predicate": "elf",
"entry": [ "entry": [
{ {
"value": "bzexe", "value": "bzexe",
"expanded": "BzExe" "expanded": "BzExe"
}, },
{ {
"value": "ezuri", "value": "ezuri",
"expanded": "Ezuri" "expanded": "Ezuri"
}, },
{ {
"value": "gzexe", "value": "gzexe",
"expanded": "GzExe" "expanded": "GzExe"
}, },
{ {
"value": "midgetpack", "value": "midgetpack",
"expanded": "MidgetPack" "expanded": "MidgetPack"
}, },
{ {
"value": "pakkero", "value": "pakkero",
"expanded": "Pakkero" "expanded": "Pakkero"
}, },
{ {
"value": "papaw", "value": "papaw",
"expanded": "Papaw" "expanded": "Papaw"
}, },
{ {
"value": "shiva", "value": "shiva",
"expanded": "Shiva" "expanded": "Shiva"
}, },
{ {
"value": "upx", "value": "upx",
"expanded": "UPX" "expanded": "UPX"
} }
] ]
}, },
{ {
"predicate": "macho", "predicate": "macho",
"entry": [ "entry": [
{ {
"value": "eleckey", "value": "eleckey",
"expanded": "ElecKey" "expanded": "ElecKey"
}, },
{ {
"value": "muncho", "value": "muncho",
"expanded": "Muncho" "expanded": "Muncho"
}, },
{ {
"value": "mpress", "value": "mpress",
"expanded": "MPRESS" "expanded": "MPRESS"
}, },
{ {
"value": "upx", "value": "upx",
"expanded": "UPX" "expanded": "UPX"
} }
] ]
}, },
{ {
"predicate": "pe", "predicate": "pe",
"entry": [ "entry": [
{ {
"value": ".netshrink", "value": ".netshrink",
"expanded": ".netshrink" "expanded": ".netshrink"
}, },
{ {
"value": "acprotect", "value": "acprotect",
"expanded": "ACProtect" "expanded": "ACProtect"
}, },
{ {
"value": "alienyze", "value": "alienyze",
"expanded": "Alienyze" "expanded": "Alienyze"
}, },
{ {
"value": "apack", "value": "apack",
"expanded": "aPack" "expanded": "aPack"
}, },
{ {
"value": "armadillo", "value": "armadillo",
"expanded": "Armadillo" "expanded": "Armadillo"
}, },
{ {
"value": "aspack", "value": "aspack",
"expanded": "ASPack" "expanded": "ASPack"
}, },
{ {
"value": "asprotect", "value": "asprotect",
"expanded": "ASProtect" "expanded": "ASProtect"
}, },
{ {
"value": "autoit", "value": "autoit",
"expanded": "AutoIT" "expanded": "AutoIT"
}, },
{ {
"value": "axprotector", "value": "axprotector",
"expanded": "AxProtector" "expanded": "AxProtector"
}, },
{ {
"value": "bero", "value": "bero",
"expanded": "BeRo EXE Packer" "expanded": "BeRo EXE Packer"
}, },
{ {
"value": "boxedapp-packer", "value": "boxedapp-packer",
"expanded": "BoxedApp Packer" "expanded": "BoxedApp Packer"
}, },
{ {
"value": "cexe", "value": "cexe",
"expanded": "CExe" "expanded": "CExe"
}, },
{ {
"value": "code-virtualizer", "value": "code-virtualizer",
"expanded": "Code Virtualizer" "expanded": "Code Virtualizer"
}, },
{ {
"value": "confuserex", "value": "confuserex",
"expanded": "ConfuserEx" "expanded": "ConfuserEx"
}, },
{ {
"value": "dotbundle", "value": "dotbundle",
"expanded": "dotBundle" "expanded": "dotBundle"
}, },
{ {
"value": "dragon-armor", "value": "dragon-armor",
"expanded": "Dragon Armor" "expanded": "Dragon Armor"
}, },
{ {
"value": "eleckey", "value": "eleckey",
"expanded": "ElecKey" "expanded": "ElecKey"
}, },
{ {
"value": "enigma-protector", "value": "enigma-protector",
"expanded": "Enigma Protector" "expanded": "Enigma Protector"
}, },
{ {
"value": "enigma-virtual-box", "value": "enigma-virtual-box",
"expanded": "Enigma Virtual Box" "expanded": "Enigma Virtual Box"
}, },
{ {
"value": "exe-bundle", "value": "exe-bundle",
"expanded": "EXE Bundle" "expanded": "EXE Bundle"
}, },
{ {
"value": "exe-stealth", "value": "exe-stealth",
"expanded": "EXE Stealth" "expanded": "EXE Stealth"
}, },
{ {
"value": "exe32pack", "value": "exe32pack",
"expanded": "EXE32Pack" "expanded": "EXE32Pack"
}, },
{ {
"value": "expressor", "value": "expressor",
"expanded": "eXPressor" "expanded": "eXPressor"
}, },
{ {
"value": "fsg", "value": "fsg",
"expanded": "FSG" "expanded": "FSG"
}, },
{ {
"value": "hxor-packer", "value": "hxor-packer",
"expanded": "hXOR Packer" "expanded": "hXOR Packer"
}, },
{ {
"value": "jdpack", "value": "jdpack",
"expanded": "JDPack" "expanded": "JDPack"
}, },
{ {
"value": "kkrunchy", "value": "kkrunchy",
"expanded": "Kkrunchy" "expanded": "Kkrunchy"
}, },
{ {
"value": "liapp", "value": "liapp",
"expanded": "LIAPP" "expanded": "LIAPP"
}, },
{ {
"value": "mew", "value": "mew",
"expanded": "MEW" "expanded": "MEW"
}, },
{ {
"value": "molebox", "value": "molebox",
"expanded": "MoleBox" "expanded": "MoleBox"
}, },
{ {
"value": "morphine", "value": "morphine",
"expanded": "Morphine" "expanded": "Morphine"
}, },
{ {
"value": "mpress", "value": "mpress",
"expanded": "MPRESS" "expanded": "MPRESS"
}, },
{ {
"value": "neolite", "value": "neolite",
"expanded": "Neolite" "expanded": "Neolite"
}, },
{ {
"value": "netcrypt", "value": "netcrypt",
"expanded": "NetCrypt" "expanded": "NetCrypt"
}, },
{ {
"value": "nspack", "value": "nspack",
"expanded": "NSPack" "expanded": "NSPack"
}, },
{ {
"value": "obsidium", "value": "obsidium",
"expanded": "Obsidium" "expanded": "Obsidium"
}, },
{ {
"value": "packman", "value": "packman",
"expanded": "Packman" "expanded": "Packman"
}, },
{ {
"value": "pecompact", "value": "pecompact",
"expanded": "PECompact" "expanded": "PECompact"
}, },
{ {
"value": "pelock", "value": "pelock",
"expanded": "PELock" "expanded": "PELock"
}, },
{ {
"value": "pepacker", "value": "pepacker",
"expanded": "PE Packer" "expanded": "PE Packer"
}, },
{ {
"value": "peshield", "value": "peshield",
"expanded": "PEShield" "expanded": "PEShield"
}, },
{ {
"value": "pespin", "value": "pespin",
"expanded": "PESpin" "expanded": "PESpin"
}, },
{ {
"value": "petite", "value": "petite",
"expanded": "PEtite" "expanded": "PEtite"
}, },
{ {
"value": "procrypt", "value": "procrypt",
"expanded": "ProCrypt" "expanded": "ProCrypt"
}, },
{ {
"value": "rlpack-basic", "value": "rlpack-basic",
"expanded": "RLPack Basic" "expanded": "RLPack Basic"
}, },
{ {
"value": "smart-packer-pro", "value": "smart-packer-pro",
"expanded": "Smart Packer Pro" "expanded": "Smart Packer Pro"
}, },
{ {
"value": "squishy", "value": "squishy",
"expanded": "Squishy" "expanded": "Squishy"
}, },
{ {
"value": "telock", "value": "telock",
"expanded": "Telock" "expanded": "Telock"
}, },
{ {
"value": "themida", "value": "themida",
"expanded": "Themida" "expanded": "Themida"
}, },
{ {
"value": "thinstall", "value": "thinstall",
"expanded": "Thinstall" "expanded": "Thinstall"
}, },
{ {
"value": "upack", "value": "upack",
"expanded": "UPack" "expanded": "UPack"
}, },
{ {
"value": "upx", "value": "upx",
"expanded": "UPX" "expanded": "UPX"
}, },
{ {
"value": "vmprotect", "value": "vmprotect",
"expanded": "VMProtect" "expanded": "VMProtect"
}, },
{ {
"value": "xcomp-xpack", "value": "xcomp-xpack",
"expanded": "XComp/XPack" "expanded": "XComp/XPack"
}, },
{ {
"value": "yoda-crypter", "value": "yoda-crypter",
"expanded": "Yoda's Crypter" "expanded": "Yoda's Crypter"
}, },
{ {
"value": "yoda-protector", "value": "yoda-protector",
"expanded": "Yoda's Protector" "expanded": "Yoda's Protector"
}, },
{ {
"value": "zprotect", "value": "zprotect",
"expanded": "ZProtect" "expanded": "ZProtect"
} }
] ]
} }
] ]
} }