encrypt data using memfrob from glibc

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: encrypt data using memfrob from glibc
    namespace: data-manipulation/encryption
    authors:
      - zander.work@mandiant.com
    scopes:
      static: function
      dynamic: thread
    att&ck:
      - Defense Evasion::Obfuscated Files or Information [T1027]
    mbc:
      - Defense Evasion::Obfuscated Files or Information::Encryption [E1027.m04]
      - Cryptography::Encrypt Data [C0027]
    examples:
      - 055da8e6ccfe5a9380231ea04b850e18:0x1189
  features:
    - and:
      - os: linux
      - api: memfrob

last edited: 2023-11-24 10:34:28