Merge pull request #2538 from mandiant/williballenthin-patch-1

readme: avoid scroll on github homepage
Moritz
2024-12-17 14:28:24 +01:00
committed by GitHub

@@ -38,9 +38,9 @@ Below you find a list of [our capa blog posts with more details.](#blog-posts)
```
$ capa.exe suspicious.exe
+------------------------+--------------------------------------------------------------------------------+
+--------------------+------------------------------------------------------------------------+
| ATT&CK Tactic | ATT&CK Technique |
|------------------------+--------------------------------------------------------------------------------|
|--------------------+------------------------------------------------------------------------|
| DEFENSE EVASION | Obfuscated Files or Information [T1027] |
| DISCOVERY | Query Registry [T1012] |
| | System Information Discovery [T1082] |
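Review bot: The rule lines under `$ capa.exe suspicious.exe` are shortened, but the header row `| ATT&CK Tactic | ATT&CK Technique |` and the data rows below it need the same re-padding, or the right-hand `|` will no longer line up with the `+` corners in the rendered README. Please check every row of this table against the new border width. The commit message says "avoid scroll" without naming the target width, so stating the column count aimed for would let later edits to this sample stay within it.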
@@ -48,12 +48,11 @@ $ capa.exe suspicious.exe
| | Shared Modules [T1129] |
| EXFILTRATION | Exfiltration Over C2 Channel [T1041] |
| PERSISTENCE | Create or Modify System Process::Windows Service [T1543.003] |
+------------------------+--------------------------------------------------------------------------------+
+--------------------+------------------------------------------------------------------------+
+-------------------------------------------------------+-------------------------------------------------+
+-------------------------------------------+-------------------------------------------------+
| CAPABILITY | NAMESPACE |
|-------------------------------------------------------+-------------------------------------------------|
| check for OutputDebugString error | anti-analysis/anti-debugging/debugger-detection |
|-------------------------------------------+-------------------------------------------------|
| read and send data from client to server | c2/file-transfer |
| execute shell command and capture output | c2/shell |
| receive data (2 matches) | communication |
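Review bot: The hunk header goes from 12 lines to 11, and the `check for OutputDebugString error` row sits between the old and the new separator line, so that row looks dropped rather than re-padded. Its text is shorter than other rows that remain in the narrowed CAPABILITY column, so width alone does not explain removing it. If the row is cut on purpose, say so in the commit message, because the block is presented as the output of `capa.exe suspicious.exe` and readers will compare their own results against it; otherwise keep the row and only adjust its padding.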
@@ -74,13 +73,12 @@ $ capa.exe suspicious.exe
| print debug messages (2 matches) | host-interaction/log/debug/write-event |
| resolve DNS | host-interaction/network/dns/resolve |
| get hostname | host-interaction/os/hostname |
| create a process with modified I/O handles and window | host-interaction/process/create |
| create process | host-interaction/process/create |
| create registry key | host-interaction/registry/create |
| create service | host-interaction/service/create |
| create thread | host-interaction/thread/create |
| persist via Windows service | persistence/service |
+-------------------------------------------------------+-------------------------------------------------+
+-------------------------------------------+-------------------------------------------------+
```
# download and usage
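Review bot: The hunk header goes from 13 lines to 12, and `create a process with modified I/O handles and window` is the one row whose text is longer than the narrowed CAPABILITY column, so it appears to have been removed to make the table fit. That leaves only `create process` under `host-interaction/process/create`, and the sample no longer shows the more specific match next to `execute shell command and capture output`. Consider keeping the row and sizing the column to fit it, or adding a line under the code block saying the output is abbreviated, so the README does not read as verbatim tool output.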