data-manipulation/encryption/skipjack
rule:
meta:
name: encrypt data using skipjack
namespace: data-manipulation/encryption/skipjack
authors:
- "@_re_fox"
scopes:
static: basic block
dynamic: unsupported # requires bytes features
att&ck:
- Defense Evasion::Obfuscated Files or Information [T1027]
mbc:
- Defense Evasion::Obfuscated Files or Information::Encryption-Standard Algorithm [E1027.m05]
- Cryptography::Encrypt Data::Skipjack [C0027.013]
examples:
- 94d3c854aadbcfde46b2f82801015c31:0x429C0730
features:
- and:
- bytes: a3 d7 09 83 f8 48 f6 f4 b3 21 15 78 99 b1 af f9 e7 2d 4d 8a ce 4c ca 2e 52 95 d9 1e 4e 38 44 28 0a df 02 a0 17 f1 60 68 12 b7 7a c3 e9 fa 3d 53 96 84 6b ba f2 63 9a 19 7c ae e5 f5 f7 16 6a a2 39 b6 7b 0f c1 93 81 1b ee b4 1a ea d0 91 2f b8 55 b9 da 85 3f 41 bf e0 5a 58 80 5f 66 0b d8 90 35 d5 c0 a7 33 06 65 69 45 00 94 56 6d 98 9b 76 97 fc b2 c2 b0 fe db 20 e1 eb d6 e4 dd 47 4a 1d 42 ed 9e 6e 49 3c cd 43 27 d2 07 d4 de c7 67 18 89 cb 30 1f 8d c6 8f aa c8 74 dc c9 5d 5c 31 a4 70 88 61 2c 9f 0d 2b 87 50 82 54 64 26 7d 03 40 34 4b 1c 73 d1 c4 fd 3b cc fb 7f ab e6 3e 5b a5 ad 04 23 9c 14 51 22 f0 29 79 71 7e ff 8c 0e e2 0c ef bc 72 75 6f 37 a1 ec d3 8e 62 8b 86 10 e8 08 77 11 be 92 4f 24 c5 32 36 9d cf f3 a6 bb ac 5e 6c a9 13 57 25 b5 e3 bd a8 3a 01 05 59 2a 46 = FTable
last edited: 2023-11-24 10:34:28