Crypto Library

April 3, 2025 · View on GitHub

ID	C0059
Objective(s)	Cryptography
Related ATT&CK Techniques	None
Version	2.0
Created	17 January 2021
Last Modified	5 December 2023

Crypto Library

Malware uses a crypto library.

Methods

Name	ID	Description
API Call	C0059.001	Malware uses crypto API calls.
Static Public Library	C0059.002	A public crypto library is embedded in the code.

Use in Malware

Name	Date	Method	Description
Snake	2004	C0059.001	Snake uses API calls to interface with cryptographic libraries. [1]

Detection

Tool: capa	Mapping	APIs
linked against Crypto++	Crypto Library (C0059)	--
linked against wolfCrypt	Crypto Library (C0059)	--
linked against OpenSSL	Crypto Library (C0059)	--
linked against PolarSSL/mbed TLS	Crypto Library (C0059)	--
linked against wolfSSL	Crypto Library (C0059)	--

References

[1] https://www.cybereason.com/blog/research/threat-analysis-report-snake-infostealer-malware