ID | C0032 |
Objective(s) | Data |
Related ATT&CK Techniques | None |
Version | 2.0 |
Created | 13 October 2020 |
Last Modified | 5 December 2023 |
Malware may derive a checksum from some block of data. The checksum is often used for data validation.
Name | ID | Description |
---|---|---|
Adler | C0032.005 | Malware computes an Adler checksum. |
BSD | C0032.003 | Malware computes a BSD checksum. |
CRC32 | C0032.001 | Malware computes a CRC32 checksum. |
Luhn | C0032.002 | Malware uses Luhn algorithm, often to validate identification numbers (e.g, credit card number). |
Name | Date | Method | Description |
---|---|---|---|
Dark Comet | 2008 | C0032.001 | Dark Comet hashes data with CRC32. [1] |
Gamut | 2014 | C0032.001 | Gamut hashes data with CRC32. [1] |
Locky Bart | 2017 | C0032.001 | Locky Bart hashes data with CRC32. [1] |
UP007 | 2016 | C0032.001 | UP007 hashes data with CRC32. [1] |
Tool: capa | Mapping | APIs |
---|---|---|
validate payment card number using luhn algorithm | Checksum::Luhn (C0032.002) | -- |
compute adler32 checksum | Checksum::Adler (C0032.005) | -- |
hash data with CRC32 | Checksum::CRC32 (C0032.001) | RtlComputeCrc32 |
validate payment card number using luhn algorithm with lookup table | Checksum::Luhn (C0032.002) | -- |
validate payment card number using luhn algorithm with no lookup table | Checksum::Luhn (C0032.002) | -- |
[1] capa v4.0, analyzed at MITRE on 10/12/2022