encrypt data using AES via x86 extensions

rule:
  meta:
    name: encrypt data using AES via x86 extensions
    namespace: data-manipulation/encryption/aes
    authors:
      - moritz.raabe@mandiant.com
    scopes:
      static: function
      dynamic: unsupported  # requires mnemonic features
    att&ck:
      - Defense Evasion::Obfuscated Files or Information [T1027]
    mbc:
      - Defense Evasion::Obfuscated Files or Information::Encryption-Standard Algorithm [E1027.m05]
      - Cryptography::Encrypt Data::AES [C0027.001]
  features:
    - or:
      - mnemonic: aesenc = Perform One Round of an AES Encryption Flow
      - mnemonic: vaesenc
      - mnemonic: aesenclast = Perform Last Round of an AES Encryption Flow
      - mnemonic: vaesenclast
      - mnemonic: aesimc = Perform the AES InvMixColumn Transformation
      - mnemonic: vaesimc
      - mnemonic: aeskeygenassist = AES Round Key Generation Assist
      - mnemonic: vaeskeygenassist