Merge pull request #2538 from mandiant/williballenthin-patch-1

readme: avoid scroll on github homepage
This commit is contained in:
Moritz
2024-12-17 14:28:24 +01:00
committed by GitHub


@@ -38,49 +38,47 @@ Below you find a list of [our capa blog posts with more details.](#blog-posts)
``` ```
$ capa.exe suspicious.exe $ capa.exe suspicious.exe
+------------------------+--------------------------------------------------------------------------------+ +--------------------+------------------------------------------------------------------------+
| ATT&CK Tactic | ATT&CK Technique | | ATT&CK Tactic | ATT&CK Technique |
|------------------------+--------------------------------------------------------------------------------| |--------------------+------------------------------------------------------------------------|
| DEFENSE EVASION | Obfuscated Files or Information [T1027] | | DEFENSE EVASION | Obfuscated Files or Information [T1027] |
| DISCOVERY | Query Registry [T1012] | | DISCOVERY | Query Registry [T1012] |
| | System Information Discovery [T1082] | | | System Information Discovery [T1082] |
| EXECUTION | Command and Scripting Interpreter::Windows Command Shell [T1059.003] | | EXECUTION | Command and Scripting Interpreter::Windows Command Shell [T1059.003] |
| | Shared Modules [T1129] | | | Shared Modules [T1129] |
| EXFILTRATION | Exfiltration Over C2 Channel [T1041] | | EXFILTRATION | Exfiltration Over C2 Channel [T1041] |
| PERSISTENCE | Create or Modify System Process::Windows Service [T1543.003] | | PERSISTENCE | Create or Modify System Process::Windows Service [T1543.003] |
+------------------------+--------------------------------------------------------------------------------+ +--------------------+------------------------------------------------------------------------+
+-------------------------------------------------------+-------------------------------------------------+ +-------------------------------------------+-------------------------------------------------+
| CAPABILITY | NAMESPACE | | CAPABILITY | NAMESPACE |
|-------------------------------------------------------+-------------------------------------------------| |-------------------------------------------+-------------------------------------------------|
| check for OutputDebugString error | anti-analysis/anti-debugging/debugger-detection | | read and send data from client to server | c2/file-transfer |
| read and send data from client to server | c2/file-transfer | | execute shell command and capture output | c2/shell |
| execute shell command and capture output | c2/shell | | receive data (2 matches) | communication |
| receive data (2 matches) | communication | | send data (6 matches) | communication |
| send data (6 matches) | communication | | connect to HTTP server (3 matches) | communication/http/client |
| connect to HTTP server (3 matches) | communication/http/client | | send HTTP request (3 matches) | communication/http/client |
| send HTTP request (3 matches) | communication/http/client | | create pipe | communication/named-pipe/create |
| create pipe | communication/named-pipe/create | | get socket status (2 matches) | communication/socket |
| get socket status (2 matches) | communication/socket | | receive data on socket (2 matches) | communication/socket/receive |
| receive data on socket (2 matches) | communication/socket/receive | | send data on socket (3 matches) | communication/socket/send |
| send data on socket (3 matches) | communication/socket/send | | connect TCP socket | communication/socket/tcp |
| connect TCP socket | communication/socket/tcp | | encode data using Base64 | data-manipulation/encoding/base64 |
| encode data using Base64 | data-manipulation/encoding/base64 | | encode data using XOR (6 matches) | data-manipulation/encoding/xor |
| encode data using XOR (6 matches) | data-manipulation/encoding/xor | | run as a service | executable/pe |
| run as a service | executable/pe | | get common file path (3 matches) | host-interaction/file-system |
| get common file path (3 matches) | host-interaction/file-system | | read file | host-interaction/file-system/read |
| read file | host-interaction/file-system/read | | write file (2 matches) | host-interaction/file-system/write |
| write file (2 matches) | host-interaction/file-system/write | | print debug messages (2 matches) | host-interaction/log/debug/write-event |
| print debug messages (2 matches) | host-interaction/log/debug/write-event | | resolve DNS | host-interaction/network/dns/resolve |
| resolve DNS | host-interaction/network/dns/resolve | | get hostname | host-interaction/os/hostname |
| get hostname | host-interaction/os/hostname | | create process | host-interaction/process/create |
| create a process with modified I/O handles and window | host-interaction/process/create | | create registry key | host-interaction/registry/create |
| create process | host-interaction/process/create | | create service | host-interaction/service/create |
| create registry key | host-interaction/registry/create | | create thread | host-interaction/thread/create |
| create service | host-interaction/service/create | | persist via Windows service | persistence/service |
| create thread | host-interaction/thread/create | +-------------------------------------------+-------------------------------------------------+
| persist via Windows service | persistence/service |
+-------------------------------------------------------+-------------------------------------------------+
``` ```
# download and usage # download and usage
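Review bot: the narrower CAPABILITY column is obtained by dropping two rows from the sample output, not only by trimming padding: `check for OutputDebugString error | anti-analysis/anti-debugging/debugger-detection` and `create a process with modified I/O handles and window | host-interaction/process/create` are absent from the new side (the latter was the widest cell and set the old column width), and with the first one gone the `anti-analysis` namespace no longer appears in the listing at all. The block is presented as the literal result of `$ capa.exe suspicious.exe`, so a reader reproducing it against the same sample will get extra rows the README does not show. Suggest marking the listing as abbreviated (a short sentence above the fence, or a trailing `| ... | ... |` row) or keeping both rows and wrapping the long capability name instead of deleting it.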