Skill: Malware Analysis (Static / Capability)
Category: Community / Education & Research
Classify suspicious files and map their capabilities
Tags: #malware analysis #ioc extraction #att&ck mapping #static triage #capability profiling #yara hunting #entropy detection
Author: rjonhaas
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
It reduces analyst uncertainty by turning a raw, suspicious binary, script or memory dump into a structured capability profile: what the artifact is (type, hashes, packing status), which IOCs its strings carry, and what it is capable of doing, expressed as ATT&CK techniques. Because the analysis is static, the profile describes capabilities the code contains, not behaviour observed at runtime.
Core Features & Use Cases
- Static identification & hashing: Extract file type, metadata, and multiple hashes (MD5, SHA-256, ssdeep) for IOC logging and similarity matching.
- Packing/entropy & unpacking loop: Detect likely packing/obfuscation (e.g., UPX section names, high per-section entropy) and re-run the analysis on the unpacked payload. High entropy alone is only a hint: compressed resources and embedded encrypted data raise it too, so confirm with a packer signature or a successful unpack before treating the sample as packed.
- Capability discovery with ATT&CK mapping: Use capa plus import-category heuristics to build an operational capability summary (injection, networking, persistence, discovery, evasion) and pivot to next steps such as YARA hunting on the extracted IOCs.
Quick Start
Use this skill to analyze the suspicious file 'sample.bin' end-to-end, producing file type, hashes, strings-derived IOCs, packing status, and an ATT&CK-oriented capability profile.
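The feature list and the Quick Start above describe one pipeline: identify, hash, check for packing, pull IOCs from strings, and sketch capabilities with ATT&CK IDs. The following script is an added example of that pipeline in plain Python; it is not the skill's own code and it stands in for `file`, `sha256sum`, `strings` and an entropy check rather than calling them. The import-category to ATT&CK table is an assumed, illustrative heuristic (capa's real rule set is far richer), and `SAMPLE` is a constructed blob standing in for `sample.bin`: a fake MZ header, a UPX section name, import-like strings, a documentation-range C2 URL, a run-key path and a high-entropy tail.

```python
"""Static triage of a suspicious file (added example, not part of the SIFTics skill)."""
import hashlib
import json
import math
import re
import sys

MIN_STRING_LEN = 6
ENTROPY_PACKED_THRESHOLD = 7.0  # bits/byte; whole-file entropy above this on a PE is a strong packing hint
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")

# Assumed import-category heuristics (illustrative, not capa's rules): category -> (ATT&CK ID, indicators)
CAPABILITY_RULES = {
    "process injection": ("T1055", {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "NtMapViewOfSection"}),
    "network communication": ("T1071", {"WSAStartup", "connect", "InternetOpenA", "InternetOpenUrlA", "HttpSendRequestA", "WinHttpOpen"}),
    "registry run-key persistence": ("T1547.001", {"RegSetValueExA", "RegSetValueExW", "CurrentVersion\\Run"}),
    "keylogging": ("T1056.001", {"SetWindowsHookExA", "SetWindowsHookExW", "GetAsyncKeyState"}),
    "file and directory discovery": ("T1083", {"FindFirstFileA", "FindFirstFileW", "FindNextFileA", "FindNextFileW"}),
    "debugger evasion": ("T1622", {"IsDebuggerPresent", "CheckRemoteDebuggerPresent"}),
}

IOC_PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "url": re.compile(r"https?://[^\s\"'<>]+", re.I),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}
NOT_DOMAIN_SUFFIXES = {"dll", "exe", "sys", "php", "dat", "txt", "log"}  # file names that look like domains

# Constructed sample standing in for sample.bin (not a real PE, not real malware).
SAMPLE = (
    b"MZ" + b"\x90" * 62 + b"PE\x00\x00"
    + b".text\x00\x00\x00UPX0\x00\x00\x00\x00"
    + b"kernel32.dll\x00VirtualAllocEx\x00WriteProcessMemory\x00CreateRemoteThread\x00"
    + b"ws2_32.dll\x00WSAStartup\x00connect\x00"
    + b"http://198.51.100.23/update.php\x00"
    + b"beacon.example.net\x00"
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00RegSetValueExA\x00"
    + bytes((i * 197 + 31) % 256 for i in range(1024))  # 4 passes over all 256 values: ~8 bits/byte
)


def identify(data: bytes) -> str:
    """Cheap magic-byte check; `file` gives a fuller answer."""
    if data[:2] == b"MZ":
        return "PE/DOS executable (MZ header)"
    if data[:4] == b"\x7fELF":
        return "ELF executable"
    if data[:2] == b"#!":
        return "script (shebang)"
    return "unknown/data"


def hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def packing_status(data: bytes) -> dict:
    ent = shannon_entropy(data)
    upx = any(marker in data for marker in UPX_MARKERS)
    return {"entropy": round(ent, 3), "upx_markers": upx, "likely_packed": upx or ent > ENTROPY_PACKED_THRESHOLD}


def extract_strings(data: bytes, min_len: int = MIN_STRING_LEN) -> list:
    """Printable-ASCII runs, the same thing `strings -n 6` would print."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def extract_iocs(strings: list) -> dict:
    found = {name: set() for name in IOC_PATTERNS}
    for s in strings:
        for name, pattern in IOC_PATTERNS.items():
            for hit in pattern.findall(s):
                if name == "domain" and hit.rsplit(".", 1)[-1].lower() in NOT_DOMAIN_SUFFIXES:
                    continue  # kernel32.dll is an import, not a C2 domain
                found[name].add(hit)
    return {name: sorted(hits) for name, hits in found.items()}


def capability_profile(strings: list, packing: dict) -> list:
    """Map indicator strings to capability categories; evidence is kept so the analyst can verify each claim."""
    profile = []
    for category, (technique, indicators) in CAPABILITY_RULES.items():
        evidence = sorted(i for i in indicators if any(i in s for s in strings))
        if evidence:
            profile.append({"capability": category, "attack": technique, "evidence": evidence})
    if packing["likely_packed"]:
        profile.append({"capability": "software packing", "attack": "T1027.002",
                        "evidence": [f"entropy={packing['entropy']}", f"upx_markers={packing['upx_markers']}"]})
    return profile


def triage(data: bytes) -> dict:
    strings = extract_strings(data)
    packing = packing_status(data)
    return {"file_type": identify(data), "size": len(data), "hashes": hashes(data), "packing": packing,
            "string_count": len(strings), "iocs": extract_iocs(strings), "profile": capability_profile(strings, packing)}


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(json.dumps(triage(blob), indent=2))
```

Run it as `python3 triage.py sample.bin` to get a JSON profile; with no argument it triages the constructed sample and reports injection, networking and run-key persistence plus a packing hint. When `likely_packed` is true, unpack (for UPX, `upx -d`) and re-run the script on the output, since the strings and imports of a packed sample describe the stub, not the payload.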
Dependency Matrix
Required Modules
file, exiftool, md5sum, sha256sum, ssdeep, strings, capa, binwalk, upx, objdump, readelf, yara, hexdump, xxd, grep, awk, python3
Components
Standard package
Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: Skill: Malware Analysis (Static / Capability) Download link: https://github.com/rjonhaas/SIFTics/archive/main.zip#skill-malware-analysis-static-capability Please download this .zip file, extract it, and install it in the .claude/skills/ directory.