diff --git a/anti-analysis/packer/nmm-protect/packed-with-nmm-protect.yml b/anti-analysis/packer/nmm-protect/packed-with-nmm-protect.yml
new file mode 100644
index 00000000..b80bee2b
--- /dev/null
+++ b/anti-analysis/packer/nmm-protect/packed-with-nmm-protect.yml
@@ -0,0 +1,24 @@
+rule:
+  meta:
+    name: packed with nmm-protect
+    namespace: anti-analysis/packer/nmm-protect
+    authors:
+      - william.ballenthin@mandiant.com
+    description: nmm-protect is a virtualizing packer, like VMProtect, that protects Android applications
+    scopes:
+      static: file
+      dynamic: file
+    att&ck:
+      - Defense Evasion::Obfuscated Files or Information::Software Packing [T1027.002]
+    mbc:
+      - Anti-Static Analysis::Software Packing::VMProtect [F0001.010]
+    references:
+      - https://github.com/maoabc/nmmp#nmm-protect
+    examples:
+      - e5e8c139772efe47f738f4788ae9b3dc97960b1c006bc6a406715cab69f27cfc
+  features:
+    - and:
+      - os: android
+      - string: "vmInterpret"
+      - string: "cacheInitial"
+      - string: "getCacheClass"