Skip to content

joeavanzato/MalCommands

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

84 Commits
command_data
command_data
 
 
static
static
 
 
templates
templates
 
 
tool_data
tool_data
 
 
.gitattributes
.gitattributes
 
 
README.md
README.md
 
 
app.py
app.py
 
 
command_sample.yml
command_sample.yml
 
 
command_tool_loader.py
command_tool_loader.py
 
 
technique_loader.py
technique_loader.py
 
 
technique_reference.yml
technique_reference.yml
 
 
tool_descriptions.yml
tool_descriptions.yml
 
 
tool_sample.yml
tool_sample.yml
 
 

Repository files navigation

MalCommands

Designed to document and present in an easily searchable and filter-capable manner commands often associated with malicious activity.

Commands are documented with the below attributes;

  • Commandline
  • Description
  • Cyber Killchain Phases
  • MITRE Tactics and Techniques
  • Applicable OS[s]
  • Reference[s]
  • Risk [Low, Medium, High, Critical]
  • Risk Reason
  • Fidelity [Low, Medium, High]
  • Fidelity Reason
  • Threat Actors with Associated References

Tools - included attributes

  • Tool Name
  • Tool Description
  • Common Arguments
  • Tool URL
  • Tool Operating Systems
  • ? - Threat Actor References

Kill-Chain Phases Used in Command Mapping

  • Reconnaissance
  • Weaponization
  • Delivery
  • Exploitation
  • Installation
  • Command and Control
  • Actions on Objectives

TO DOCUMENT STILL

  • Lots...

Project References and Credits

About

Documenting Suspicious Command Lines

malcommands.com

Resources

Readme
Activity

Stars

5 stars

Watchers

2 watching

Forks

1 fork
Report repository

Languages