Analyzes Cuckoo/AnyRun behavior reports to detect malware sandbox evasion techniques like timing checks, VM artifacts, user interaction detection, and sleep inflation.
Slash command: /cybersecurity-skills-zh:analyzing-malware-sandbox-evasion-techniques
Sandbox evasion (MITRE ATT&CK T1497) lets malware detect an analysis environment and change its behaviour to avoid detection. This skill analyzes Cuckoo Sandbox and AnyRun behavior reports for evasion indicators, including timing-based checks (GetTickCount, QueryPerformanceCounter, sleep inflation), virtual-machine artifact detection (registry keys, MAC address prefixes, process names such as vmtoolsd.exe), user-interaction detection (mouse movement, keyboard input) and environment fingerprinting (disk size, CPU count, memory capacity). The detection rules flag samples that exhibit these behaviours for deeper manual analysis.
The skill's output is a JSON report listing the detected evasion techniques with their MITRE ATT&CK mappings, the API-call evidence behind each, an evasion complexity score, and an evasion category classification (timing, VM detection, user interaction, environment fingerprinting).
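The detection pass described above, as an added example rather than the skill's own code: it walks a Cuckoo-style behavior report, classifies each hooked API call into one of the four evasion categories, and emits a JSON report with ATT&CK sub-technique mappings, evidence, and a complexity score. The report shape (behavior.processes[].calls[] with "api" and "arguments"), the indicator tables, the 5-minute sleep-inflation threshold, the scoring formula and the sample report are all assumptions made for this example.

```python
"""Scan a Cuckoo-style behavior report for sandbox-evasion indicators.

Added example, not the skill's own code. The report shape, indicator tables,
sleep threshold and scoring are assumptions chosen for illustration.
"""
import json
import re

# Evasion category -> MITRE ATT&CK sub-technique of T1497 (Virtualization/Sandbox Evasion).
ATTACK_IDS = {
    "timing": "T1497.003",                   # Time Based Evasion
    "vm_detection": "T1497.001",             # System Checks
    "environment_fingerprint": "T1497.001",  # System Checks
    "user_interaction": "T1497.002",         # User Activity Based Checks
}
# Indicator tables (assumed; extend them from your own sandbox's hook list).
TIMING_APIS = {"GetTickCount", "GetTickCount64", "QueryPerformanceCounter", "GetSystemTimeAsFileTime"}
SLEEP_APIS = {"Sleep", "SleepEx", "NtDelayExecution"}
SLEEP_INFLATION_MS = 5 * 60 * 1000  # assumption: one delay of 5 min or more counts as inflation
REGISTRY_APIS = ("RegOpenKey", "RegQueryValue", "NtOpenKey", "NtQueryValueKey")
VM_REGISTRY_RE = re.compile(r"vmware|vbox|virtualbox|qemu|xen", re.I)
VM_PROCESSES = {"vmtoolsd.exe", "vmwaretray.exe", "vboxservice.exe", "vboxtray.exe", "qemu-ga.exe"}
VM_MAC_PREFIXES = ("00:05:69", "00:0c:29", "00:50:56", "08:00:27")  # VMware OUIs, VirtualBox OUI
USER_INTERACTION_APIS = {"GetCursorPos", "GetLastInputInfo", "GetAsyncKeyState", "GetForegroundWindow"}
ENV_FINGERPRINT_APIS = {"GetDiskFreeSpaceExW", "GlobalMemoryStatusEx", "GetSystemInfo", "NtQuerySystemInformation"}


def _args(call):
    """Normalise arguments to a dict; Cuckoo 1.x logs a list of {name, value}, 2.x a dict."""
    args = call.get("arguments", {})
    if isinstance(args, list):
        return {a.get("name", ""): a.get("value", "") for a in args}
    return dict(args)


def classify_call(call):
    """Return [(category, technique, evidence)] for one logged API call; [] if nothing matched."""
    api = call.get("api", "")
    args = _args(call)
    strings = [str(v) for v in args.values()]
    hits = []
    if api in TIMING_APIS:
        hits.append(("timing", "timing_api_check", api))
    if api in SLEEP_APIS:
        try:
            ms = int(args.get("milliseconds", args.get("dwMilliseconds", 0)))
        except (TypeError, ValueError):
            ms = 0
        if ms >= SLEEP_INFLATION_MS:
            hits.append(("timing", "sleep_inflation", f"{api}({ms} ms)"))
    if api.startswith(REGISTRY_APIS) and any(VM_REGISTRY_RE.search(s) for s in strings):
        hits.append(("vm_detection", "vm_registry_artifact", f"{api} {' '.join(strings)}"))
    for s in strings:  # VM process names and MAC prefixes can surface in any call's arguments
        if s.lower().rsplit("\\", 1)[-1] in VM_PROCESSES:
            hits.append(("vm_detection", "vm_process_artifact", f"{api} {s}"))
        if s.lower().startswith(VM_MAC_PREFIXES):
            hits.append(("vm_detection", "vm_mac_prefix", f"{api} {s}"))
    if api in USER_INTERACTION_APIS:
        hits.append(("user_interaction", "user_interaction_check", api))
    if api in ENV_FINGERPRINT_APIS:
        hits.append(("environment_fingerprint", "environment_fingerprint", api))
    return hits


def analyze_report(report):
    """Build the JSON-serialisable evasion report: techniques, evidence, categories, score."""
    techniques = {}
    for proc in report.get("behavior", {}).get("processes", []):
        pname = proc.get("process_name", "?")
        for call in proc.get("calls", []):
            for category, technique, evidence in classify_call(call):
                entry = techniques.setdefault(technique, {
                    "category": category, "mitre_attack": ATTACK_IDS[category],
                    "count": 0, "evidence": []})
                entry["count"] += 1
                if len(entry["evidence"]) < 5:  # cap evidence so the report stays readable
                    entry["evidence"].append(f"{pname}: {evidence}")
    categories = sorted({t["category"] for t in techniques.values()})
    # Assumed scoring: breadth across categories weighs more than repeats of one trick.
    score = len(techniques) + 2 * len(categories)
    return {
        "sample": report.get("target", {}).get("file", {}).get("sha256", "unknown"),
        "evasion_detected": bool(techniques),
        "categories": categories,
        "techniques": [{"name": n, **v} for n, v in sorted(techniques.items())],
        "complexity_score": score,
        "complexity": "high" if score >= 8 else "medium" if score >= 4 else "low",
        "flag_for_manual_analysis": score >= 4,
    }


# Constructed report fragment in the assumed Cuckoo-like shape (not a real sample).
SAMPLE_REPORT = {
    "target": {"file": {"sha256": "constructed-sample"}},
    "behavior": {"processes": [{
        "process_name": "dropper.exe",
        "calls": [
            {"api": "GetTickCount", "arguments": {}},
            {"api": "NtDelayExecution", "arguments": {"milliseconds": 600000}},
            {"api": "RegOpenKeyExW", "arguments": [{"name": "regkey",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\VMware, Inc.\\VMware Tools"}]},
            {"api": "Process32NextW", "arguments": {"process_name": "vmtoolsd.exe"}},
            {"api": "GetCursorPos", "arguments": {}},
            {"api": "GlobalMemoryStatusEx", "arguments": {}},
            {"api": "CreateFileW", "arguments": {"filepath": "C:\\Users\\Public\\out.txt"}},
        ],
    }]},
}

if __name__ == "__main__":
    print(json.dumps(analyze_report(SAMPLE_REPORT), indent=2))
```

Two points worth keeping when adapting this to real reports: a single GetTickCount or GetCursorPos call is common in benign software, so the score deliberately rewards breadth across categories rather than raw call counts, and sleep inflation is only visible if the sandbox logs the requested delay (Cuckoo patches long sleeps, so compare the requested value, not the elapsed time).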
npx claudepluginhub killvxk/cybersecurity-skills-zh

Detects sandbox evasion techniques in malware from Cuckoo/AnyRun behavioral reports by analyzing timing checks, VM artifact queries, user interaction detection, and sleep inflation patterns in the JSON exports, and maps them to MITRE ATT&CK T1497 for security analysts.