malware-analysis
Malware Analysis Skill
This skill produces analyst-grade threat reports — not data dumps. Every conclusion must be backed by evidence and reasoning.
Core Principles
- Evidence-based reasoning: Never state a conclusion without explaining WHY
- Connect the dots: Link indicators to behaviors to capabilities to impact
- Assess confidence: State how confident you are and why
- Actionable output: Reports should enable decisions, not just inform
Analysis Workflow
Step 1: Collect Data
Run all scripts to gather raw data: