# capa
# Identify malware capabilities mapped to the MITRE ATT&CK framework and the Malware Behavior Catalog
# FOR610 Labs: 1.4, 5.4 | Sections: 1, 5
# Docs: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files
% capabilities, mitre-attack, automated-analysis

# Basic usage
capa specimen.exe

# Verbose output with details (rule metadata and match locations)
capa -vv specimen.exe

# Show one capability match with the 7 lines of context that follow it
capa -vv specimen.exe | grep -A7 'Suspended Process'

# --- Recipes (multi-tool chains) ---

# >> Filter Capabilities by Technique
# Full capabilities report
capa
# Verbose with rule matches
capa -vv
# Filter for a specific technique (put the technique name or ID between the quotes)
capa -vv | grep -A7 ''
# Find injection-related capabilities
capa -vv | grep -A7 'inject\|hollow\|suspend'