
capa: Automatically Identify Malware Capabilities | Mandiant | Google Cloud Blog

<!doctype html><html lang="en-US" dir="ltr"><head><base href="https://cloud.google.com/blog/"><link rel="preconnect" href="//www.gstatic.com"><meta name="referrer" content="origin"><meta name="viewport" content="initial-scale=1, width=device-width"><meta name="track-metadata-page_hosting_platform" content="blog_boq"><meta name="mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="application-name" content="Google Cloud Blog"><meta name="apple-mobile-web-app-title" content="Google Cloud Blog"><meta name="apple-mobile-web-app-status-bar-style" content="black"><meta name="msapplication-tap-highlight" content="no"><link rel="preconnect" href="//fonts.googleapis.com"><link rel="preconnect" href="//fonts.gstatic.com"><link rel="preconnect" href="//www.gstatic.com"><link rel="preconnect" href="//storage.googleapis.com"><link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Google+Sans+Text_old:400,500,700,400i,500i,700i"><link rel="manifest" crossorigin="use-credentials" href="_/TransformBlogUi/manifest.json"><link rel="home" href="/?lfhs=2"><link rel="msapplication-starturl" href="/?lfhs=2"><link rel="icon" href="//www.gstatic.com/cloud/images/icons/favicon.ico" sizes="32x32"><link rel="apple-touch-icon-precomposed" href="//www.gstatic.com/cloud/images/icons/favicon.ico" sizes="32x32"><link rel="msapplication-square32x32logo" href="//www.gstatic.com/cloud/images/icons/favicon.ico" sizes="32x32"><script data-id="_gd" nonce="5qzd77dFE350tcQs3PaJwQ">window.WIZ_global_data = {"Bwo7Jf":"%.@.\"SG\",1]","CGQM5":"%.@.[[1]]]","DpimGf":false,"EP1ykd":["/_/*","/accounts/*","/transform","/transform/*"],"FdrFJe":"2423924538200686558","Im6cmf":"/blog/_/TransformBlogUi","JvMKJd":"%.@.\"GTM-5CVQBG\",[[\"en\",\"\\u202aEnglish\\u202c\",true,\"en\"],[\"de\",\"\\u202aDeutsch\\u202c\",true,\"de\"],[\"es\",\"\\u202aEspañol\\u202c\",true,\"es\"],[\"es-419\",\"\\u202aEspañol 
(Latinoamérica)\\u202c\",true,\"es-419\"],[\"fr\",\"\\u202aFrançais\\u202c\",true,\"fr\"],[\"id\",\"\\u202aIndonesia\\u202c\",true,\"id\"],[\"it\",\"\\u202aItaliano\\u202c\",true,\"it\"],[\"pt-BR\",\"\\u202aPortuguês (Brasil)\\u202c\",true,\"pt-BR\"],[\"zh-CN\",\"\\u202a简体中文\\u202c\",true,\"zh-Hans\"],[\"zh-TW\",\"\\u202a繁體中文\\u202c\",true,\"zh-Hant\"],[\"ja\",\"\\u202a日本語\\u202c\",true,\"ja\"],[\"ko\",\"\\u202a한국어\\u202c\",true,\"ko\"]],[\"83405\",\"AIzaSyD3LJeW4Q6gtdgJlyeFZUp-GhpIoc6EUeg\"],\"en\",null,null,[],[[\"https://cloud.google.com/innovators\",\"https://cloud.google.com/innovators/plus/activate\",\"https://cloud.google.com/innovators/innovatorsplus\"],[\"https://workspace.google.com/pricing\",\"https://www.x.com/googleworkspace\",\"https://www.facebook.com/googleworkspace\",\"https://www.youtube.com/channel/UCBmwzQnSoj9b6HzNmFrg_yw\",\"https://www.instagram.com/googleworkspace\",\"https://www.linkedin.com/showcase/googleworkspace\",\"https://about.google/?utm_source\\u003dworkspace.google.com\\u0026utm_medium\\u003dreferral\\u0026utm_campaign\\u003dgsuite-footer-en\",\"https://about.google/products/?tip\\u003dexplore\",\"https://workspace.google.com\",\"https://workspace.google.com/contact/?source\\u003dgafb-form-globalnav-en\",\"https://workspace.google.com/business/signup/welcome?hl\\u003den\\u0026source\\u003dgafb-form-globalnav-en\",\"https://workspace.google.com/blog\"],[\"https://www.cloudskillsboost.google\",\"https://www.cloudskillsboost.google?utm_source\\u003dcgc\\u0026utm_medium\\u003dwebsite\\u0026utm_campaign\\u003devergreen\",\"https://www.cloudskillsboost.google/subscriptions?utm_source\\u003dcgc\\u0026utm_medium\\u003dwebsite\\u0026utm_campaign\\u003devergreenlaunchpromo\",\"https://www.cloudskillsboost.google/subscriptions?utm_source\\u003dcgc\\u0026utm_medium\\u003dwebsite\\u0026utm_campaign\\u003devergreen\",\"https://www.cloudskillsboost.google/catalog?utm_source\\u003dcgc\\u0026utm_medium\\u003dwebsite\\u0026utm_campaign\\u003devergree
n\",\"https://www.cloudskillsboost.google/paths?utm_source\\u003dcgc\\u0026utm_medium\\u003dwebsite\\u0026utm_campaign\\u003devergreen\"],[\"https://mapsplatform.google.com\"],[\"https://cloud.google.com/developers\",\"https://cloud.google.com/developers/settings?utm_source\\u003dinnovators\"],[\"https://console.cloud.google.com/freetrial\",\"https://console.cloud.google.com/\",\"https://console.cloud.google.com/freetrial?redirectPath\\u003dhttps://cloud.google.com/blog/topics/threat-intelligence/capa-automatically-identify-malware-capabilities/\"],[\"https://aitestkitchen.withgoogle.com/signup\",\"https://blog.google/technology/ai/join-us-in-the-ai-test-kitchen/\",\"https://cloud.google.com/ai\"],[\"https://googlecloudplatform.blogspot.com/\",\"https://github.com/GoogleCloudPlatform\",\"https://www.linkedin.com/company/google-cloud\",\"https://twitter.com/GoogleCloud_sg\",\"https://www.facebook.com/googlecloud\",\"https://www.youtube.com/GoogleCloudAPAC\"]],[2024,11,23],[[\"en\",\"x-default\"],\"x-default\"],[null,true],null,\"/blog/topics/threat-intelligence/capa-automatically-identify-malware-capabilities/?hl\\u003den\",[\"6LcsrxUqAAAAAFhpR1lXsPN2j2nsTwy6JTbRKzJr\"]]","LVIXXb":1,"LoQv7e":false,"M55kSc":"%.@.]","MT7f9b":[],"MUE6Ne":"TransformBlogUi","PylxI":"%.@.\"cloudblog\",\"topics/threat-intelligence/capa-automatically-identify-malware-capabilities\",[\"en\",\"de\",\"fr\",\"ko\",\"ja\"],\"en\",null,\"https://cloud.google.com/blog\",\"blog_article\",\"cloud.google.com\",[\"https://console.cloud.google.com/freetrial/\",\"https://cloud.google.com/contact/\",\"https://cloud.google.com/\",\"https://cloud.google.com/blog\",\"https://cloud.google.com/\",\"https://www.google.com/\",\"https://cloud.google.com/products/\",\"https://about.google.com/products/\",\"https://about.google/intl/en/\",\"https://support.google.com\"],[\"googlecloud\",\"googlecloud\",\"showcase/google-cloud\",\"googlecloud/\",\"googlecloud/\"],true]","QrtxK":"","S06Grb":"","S6lZl":105833389,"TSDt
V":"%.@.[[null,[[45449436,null,false,null,null,null,\"NCoWOd\"],[45667527,null,false,null,null,null,\"Qzt9sd\"],[45449424,null,null,null,\"default\",null,\"PB4oCc\"],[45532645,null,true,null,null,null,\"wFnpse\"],[45643590,null,false,null,null,null,\"w7jzef\"],[45449433,null,true,null,null,null,\"BotAtd\"],[45662378,null,true,null,null,null,\"DG71uf\"],[45449442,null,true,null,null,null,\"dsKk4d\"],[45449449,null,true,null,null,null,\"b5B1L\"],[45663339,null,false,null,null,null,\"OEmSkb\"],[45664956,null,false,null,null,null,\"aeNUHe\"],[45459555,null,false,null,null,null,\"Imeoqb\"],[45646404,null,false,null,null,null,\"tfPPe\"],[45651445,null,true,null,null,null,\"XzXOC\"],[45449440,null,false,null,null,null,\"j9nUqf\"],[45631885,null,false,null,null,null,\"kG32O\"],[45449445,null,true,null,null,null,\"C4H3Td\"],[45649370,null,false,null,null,null,\"LibkZ\"],[45657332,null,true,null,null,null,\"oBUucf\"],[45449438,null,false,null,null,null,\"m0uJSe\"],[45449471,null,null,null,\"default\",null,\"Ammqqf\"],[45612748,null,false,null,null,null,\"fdXYmb\"],[45449467,null,null,null,\"control\",null,\"qL2Vf\"],[45449469,null,null,null,\"default\",null,\"mBNY1\"],[45449443,null,false,null,null,null,\"wvKxS\"],[45616194,null,false,null,null,null,\"y3jdm\"],[45449434,null,true,null,null,null,\"PvZHQ\"],[45449428,null,null,null,\"default\",null,\"cbPi4d\"],[45664077,null,false,null,null,null,\"w1axY\"],[45449423,null,null,null,\"default\",null,\"FIJFKf\"],[45449450,null,false,null,null,null,\"PTNaKe\"],[45632110,null,true,null,null,null,\"QK58Od\"],[45449435,null,false,null,null,null,\"s7Z7Ld\"],[45449446,null,true,null,null,null,\"ktxJzc\"],[45449468,null,null,null,\"control\",null,\"BUEcUe\"],[45659313,null,false,null,null,null,\"i2rGv\"],[45532646,null,true,null,null,null,\"RIvlU\"],[45449439,null,true,null,null,null,\"lsuui\"],[45650156,null,false,null,null,null,\"Pr5Lcf\"],[45449422,null,null,null,\"default\",null,\"epsxQe\"],[45628378,null,true,null,null,null,\"hRRuzd
\"],[45651724,null,true,null,null,null,\"xYDLRc\"],[45662552,null,false,null,null,null,\"epuB3d\"],[45449444,null,true,null,null,null,\"HGJqie\"],[45655733,null,true,null,null,null,\"xPTOyb\"],[45663526,null,false,null,null,null,\"kG33G\"]],\"CAMSIB0Z3M2IEKL+BPTvF/2KA82ttBKhkOMGFrecDRbN9Q14\"]]]","UUFaWc":"%.@.null,1000,2]","Vvafkd":false,"Yllh3e":"%.@.1732389680452211,24365432,1259532702]","aAofAd":"%.@.[[[\"Solutions \\u0026 technology\",null,[[[\"AI \\u0026 Machine Learning\",\"/blog/products/ai-machine-learning\"],[\"API Management\",\"/blog/products/api-management\"],[\"Application Development\",\"/blog/products/application-development\"],[\"Application Modernization\",\"/blog/products/application-modernization\"],[\"Chrome Enterprise\",\"/blog/products/chrome-enterprise\"],[\"Compute\",\"/blog/products/compute\"],[\"Containers \\u0026 Kubernetes\",\"/blog/products/containers-kubernetes\"],[\"Data Analytics\",\"/blog/products/data-analytics\"],[\"Databases\",\"/blog/products/databases\"],[\"DevOps \\u0026 SRE\",\"/blog/products/devops-sre\"],[\"Maps \\u0026 Geospatial\",\"/blog/topics/maps-geospatial\"],[\"Security\",null,[[[\"Security \\u0026 Identity\",\"/blog/products/identity-security\"],[\"Threat Intelligence\",\"/blog/topics/threat-intelligence\"]]]],[\"Infrastructure\",\"/blog/products/infrastructure\"],[\"Infrastructure Modernization\",\"/blog/products/infrastructure-modernization\"],[\"Networking\",\"/blog/products/networking\"],[\"Productivity \\u0026 Collaboration\",\"/blog/products/productivity-collaboration\"],[\"SAP on Google Cloud\",\"/blog/products/sap-google-cloud\"],[\"Storage \\u0026 Data Transfer\",\"/blog/products/storage-data-transfer\"],[\"Sustainability\",\"/blog/topics/sustainability\"]]]],[\"Ecosystem\",null,[[[\"IT Leaders\",\"/transform\"],[\"Industries\",null,[[[\"Financial Services\",\"/blog/topics/financial-services\"],[\"Healthcare \\u0026 Life 
Sciences\",\"/blog/topics/healthcare-life-sciences\"],[\"Manufacturing\",\"/blog/topics/manufacturing\"],[\"Media \\u0026 Entertainment\",\"/blog/products/media-entertainment\"],[\"Public Sector\",\"/blog/topics/public-sector\"],[\"Retail\",\"/blog/topics/retail\"],[\"Supply Chain\",\"/blog/topics/supply-chain-logistics\"],[\"Telecommunications\",\"/blog/topics/telecommunications\"]]]],[\"Partners\",\"/blog/topics/partners\"],[\"Startups \\u0026 SMB\",\"/blog/topics/startups\"],[\"Training \\u0026 Certifications\",\"/blog/topics/training-certifications\"],[\"Inside Google Cloud\",\"/blog/topics/inside-google-cloud\"],[\"Google Cloud Next \\u0026 Events\",\"/blog/topics/google-cloud-next\"],[\"Google Maps Platform\",\"https://mapsplatform.google.com/resources/blog/\"],[\"Google Workspace\",\"https://workspace.google.com/blog\"]]]],[\"Developers \\u0026 Practitioners\",\"/blog/topics/developers-practitioners\"],[\"Transform with Google Cloud\",\"/transform\"]]],[[\"de\",[[[\"Neuigkeiten\",\"/blog/de/topics/whats-new/aktuelles-auf-dem-google-cloud-blog\"],[\"Lösungen \\u0026 Technologien\",null,[[[\"Anwendungsentwicklung\",\"/blog/de/products/application-development\"],[\"Anwendungsmodernisierung\",\"/blog/de/products/anwendungsmodernisierung\"],[\"API-Verwaltung\",\"/blog/de/products/api-management\"],[\"Chrome Enterprise\",\"/blog/de/products/chrome-enterprise\"],[\"Computing\",\"/blog/de/products/compute\"],[\"Containers \\u0026 Kubernetes\",\"/blog/de/products/containers-kubernetes\"],[\"Datenanalysen\",\"/blog/de/products/data-analytics\"],[\"Datenbanken\",\"/blog/de/products/databases\"],[\"DevOps \\u0026 SRE\",\"/blog/de/products/devops-sre\"],[\"Infrastruktur\",\"/blog/de/products/infrastructure\"],[\"KI \\u0026 Machine Learning\",\"/blog/de/products/ai-machine-learning\"],[\"Maps \\u0026 Geospatial\",\"/blog/de/topics/maps-geospatial\"],[\"Modernisierung der 
Infrastruktur\",\"/blog/de/products/modernisierung-der-infrastruktur\"],[\"Nachhaltigkeit\",\"/blog/de/topics/nachhaltigkeit\"],[\"Netzwerk\",\"/blog/de/products/networking\"],[\"Produktivität und Zusammenarbeit\",\"/blog/de/products/produktivitaet-und-kollaboration\"],[\"SAP in Google Cloud\",\"/blog/de/products/sap-google-cloud\"],[\"Sicherheit \\u0026 Identität\",\"/blog/de/products/identity-security\"],[\"Speicher und Datentransfer\",\"/blog/de/products/storage-data-transfer\"]]]],[\"Ökosystem\",null,[[[\"IT Leader\",\"/transform/de\"],[\"Industrien\",null,[[[\"Behörden und öffentlicher Sektor\",\"/blog/de/topics/public-sector\"],[\"Einzelhandel\",\"/blog/de/topics/retail\"],[\"Fertigung\",\"/blog/de/topics/fertigung\"],[\"Finanzdienstleistungen\",\"/blog/de/topics/financial-services\"],[\"Gesundheitswesen und Biowissenschaften\",\"/blog/de/topics/healthcare-life-sciences\"],[\"Lieferkette und Logistik\",\"/blog/de/topics/lieferkette-und-logistik\"],[\"Medien und Unterhaltung\",\"/blog/de/products/media-entertainment\"],[\"Telekommunikation\",\"/blog/de/topics/telecommunications\"]]]],[\"Entwickler*innen \\u0026 Fachkräfte\",\"/blog/de/topics/developers-practitioners\"],[\"Google Cloud Next \\u0026 Events\",\"/blog/de/topics/events\"],[\"Google Maps Platform\",\"/blog/de/products/maps-platform\"],[\"Google Workspace\",\"https://workspace.google.com/blog/de\"],[\"Inside Google Cloud\",\"/blog/de/topics/inside-google-cloud\"],[\"Kunden\",\"/blog/de/topics/kunden\"],[\"Partner\",\"/blog/de/topics/partners\"],[\"Start-ups und KMU\",\"/blog/de/topics/startups\"],[\"Training und Zertifizierung\",\"/blog/de/topics/training-certifications\"]]]],[\"Transformation mit Google Cloud\",\"/transform/de\"]]]],[\"en\",[[[\"Solutions \\u0026 technology\",null,[[[\"AI \\u0026 Machine Learning\",\"/blog/products/ai-machine-learning\"],[\"API Management\",\"/blog/products/api-management\"],[\"Application Development\",\"/blog/products/application-development\"],[\"Application 
Modernization\",\"/blog/products/application-modernization\"],[\"Chrome Enterprise\",\"/blog/products/chrome-enterprise\"],[\"Compute\",\"/blog/products/compute\"],[\"Containers \\u0026 Kubernetes\",\"/blog/products/containers-kubernetes\"],[\"Data Analytics\",\"/blog/products/data-analytics\"],[\"Databases\",\"/blog/products/databases\"],[\"DevOps \\u0026 SRE\",\"/blog/products/devops-sre\"],[\"Maps \\u0026 Geospatial\",\"/blog/topics/maps-geospatial\"],[\"Security\",null,[[[\"Security \\u0026 Identity\",\"/blog/products/identity-security\"],[\"Threat Intelligence\",\"/blog/topics/threat-intelligence\"]]]],[\"Infrastructure\",\"/blog/products/infrastructure\"],[\"Infrastructure Modernization\",\"/blog/products/infrastructure-modernization\"],[\"Networking\",\"/blog/products/networking\"],[\"Productivity \\u0026 Collaboration\",\"/blog/products/productivity-collaboration\"],[\"SAP on Google Cloud\",\"/blog/products/sap-google-cloud\"],[\"Storage \\u0026 Data Transfer\",\"/blog/products/storage-data-transfer\"],[\"Sustainability\",\"/blog/topics/sustainability\"]]]],[\"Ecosystem\",null,[[[\"IT Leaders\",\"/transform\"],[\"Industries\",null,[[[\"Financial Services\",\"/blog/topics/financial-services\"],[\"Healthcare \\u0026 Life Sciences\",\"/blog/topics/healthcare-life-sciences\"],[\"Manufacturing\",\"/blog/topics/manufacturing\"],[\"Media \\u0026 Entertainment\",\"/blog/products/media-entertainment\"],[\"Public Sector\",\"/blog/topics/public-sector\"],[\"Retail\",\"/blog/topics/retail\"],[\"Supply Chain\",\"/blog/topics/supply-chain-logistics\"],[\"Telecommunications\",\"/blog/topics/telecommunications\"]]]],[\"Partners\",\"/blog/topics/partners\"],[\"Startups \\u0026 SMB\",\"/blog/topics/startups\"],[\"Training \\u0026 Certifications\",\"/blog/topics/training-certifications\"],[\"Inside Google Cloud\",\"/blog/topics/inside-google-cloud\"],[\"Google Cloud Next \\u0026 Events\",\"/blog/topics/google-cloud-next\"],[\"Google Maps 
Platform\",\"https://mapsplatform.google.com/resources/blog/\"],[\"Google Workspace\",\"https://workspace.google.com/blog\"]]]],[\"Developers \\u0026 Practitioners\",\"/blog/topics/developers-practitioners\"],[\"Transform with Google Cloud\",\"/transform\"]]]],[\"fr\",[[[\"Les tendances\",\"/blog/fr/topics/les-tendances/quelles-sont-les-nouveautes-de-google-cloud\"],[\"Solutions et Technologie\",null,[[[\"Analyse de données\",\"/blog/fr/products/analyse-de-donnees/\"],[\"Bases de données\",\"/blog/fr/products/databases\"],[\"Calcul\",\"/blog/fr/products/calcul/\"],[\"Chrome Entreprise\",\"/blog/fr/products/chrome-enterprise/\"],[\"Conteneurs et Kubernetes\",\"/blog/fr/products/conteneurs-et-kubernetes/\"],[\"Développement d\u0027Applications\",\"/blog/fr/products/application-development\"],[\"Développement durable\",\"/blog/fr/topics/developpement-durable\"],[\"DevOps et ingénierie SRE\",\"/blog/fr/products/devops-sre\"],[\"Gestion des API\",\"/blog/fr/products/api-management\"],[\"IA et Machine Learning\",\"/blog/fr/products/ai-machine-learning\"],[\"Infrastructure\",\"/blog/fr/products/infrastructure\"],[\"Maps et Géospatial\",\"/blog/fr/topics/maps-geospatial\"],[\"Modernisation d\u0027Applications\",\"/blog/fr/products/modernisation-dapplications/\"],[\"Modernisation d\u0027Infrastructure\",\"/blog/fr/products/modernisation-dinfrastructure/\"],[\"Networking\",\"/blog/fr/products/networking\"],[\"Productivité et Collaboration\",\"/blog/fr/products/productivite-et-collaboration\"],[\"SAP sur Google Cloud\",\"/blog/fr/products/sap-google-cloud\"],[\"Sécurité et Identité\",\"/blog/fr/products/identity-security\"],[\"Stockage et transfert de données\",\"/blog/fr/products/storage-data-transfer\"]]]],[\"Écosystème\",null,[[[\"Responsables IT\",\"/transform/fr\"],[\"Industries\",null,[[[\"Commerce\",\"/blog/fr/topics/retail\"],[\"Manufacturing\",\"/blog/fr/topics/manufacturing\"],[\"Médias et 
Divertissement\",\"/blog/fr/products/media-entertainment\"],[\"Santé\",\"/blog/fr/topics/healthcare-life-sciences\"],[\"Secteur Public\",\"/blog/fr/topics/public-sector\"],[\"Services Financiers\",\"/blog/fr/topics/financial-services\"],[\"Supply Chain\",\"/blog/fr/topics/supply-chain/\"],[\"Telecommunications\",\"/blog/fr/topics/telecommunications\"]]]],[\"Clients\",\"/blog/fr/topics/clients/\"],[\"Développeurs et professionnels\",\"/blog/fr/topics/developers-practitioners\"],[\"Formations et certifications\",\"/blog/fr/topics/training-certifications\"],[\"Google Cloud Next et Événements\",\"/blog/fr/topics/evenements\"],[\"Google Maps Platform\",\"/blog/fr/products/maps-platform\"],[\"Google Workspace\",\"https://workspace.google.com/blog/fr\"],[\"Inside Google Cloud\",\"/blog/fr/topics/inside-google-cloud\"],[\"Partenaires\",\"/blog/fr/topics/partners\"],[\"Start-ups et PME\",\"/blog/fr/topics/startups\"]]]],[\"Transformer avec Google Cloud\",\"/transform/fr\"]]]],[\"ja\",[[[\"ソリューションとテクノロジー\",null,[[[\"AI \\u0026 機械学習\",\"/blog/ja/products/ai-machine-learning\"],[\"API 管理\",\"/blog/ja/products/api-management\"],[\"アプリケーション開発\",\"/blog/ja/products/application-development\"],[\"アプリケーション モダナイゼーション\",\"/blog/ja/products/application-modernization\"],[\"Chrome Enterprise\",\"/blog/ja/products/chrome-enterprise\"],[\"コンピューティング\",\"/blog/ja/products/compute\"],[\"Containers \\u0026 Kubernetes\",\"/blog/ja/products/containers-kubernetes\"],[\"データ分析\",\"/blog/ja/products/data-analytics\"],[\"データベース\",\"/blog/ja/products/databases\"],[\"DevOps \\u0026 SRE\",\"/blog/ja/products/devops-sre\"],[\"Maps \\u0026 Geospatial\",\"/blog/ja/products/maps-platform\"],[\"セキュリティ\",null,[[[\"セキュリティ \\u0026 アイデンティティ\",\"/blog/ja/products/identity-security\"],[\"脅威インテリジェンス\",\"/blog/ja/topics/threat-intelligence\"]]]],[\"インフラストラクチャ\",\"/blog/ja/products/infrastructure\"],[\"インフラ 
モダナイゼーション\",\"/blog/ja/products/infrastructure-modernization\"],[\"ネットワーキング\",\"/blog/ja/products/networking\"],[\"生産性とコラボレーション\",\"/blog/ja/products/productivity-collaboration\"],[\"Google Cloud での SAP\",\"/blog/ja/products/sap-google-cloud\"],[\"ストレージとデータ転送\",\"/blog/ja/products/storage-data-transfer\"],[\"サステナビリティ\",\"/blog/ja/topics/sustainability\"]]]],[\"エコシステム\",null,[[[\"ITリーダー\",\"/transform/ja\"],[\"業種\",null,[[[\"金融サービス\",\"/blog/ja/topics/financial-services\"],[\"ヘルスケア、ライフ サイエンス\",\"/blog/ja/topics/healthcare-life-sciences\"],[\"製造\",\"/blog/ja/topics/manufacturing\"],[\"メディア、エンターテイメント\",\"/blog/ja/products/media-entertainment\"],[\"公共部門\",\"/blog/ja/topics/public-sector\"],[\"小売業\",\"/blog/ja/topics/retail\"],[\"サプライ チェーン\",\"/blog/ja/topics/supply-chain-logistics\"],[\"通信\",\"/blog/ja/topics/telecommunications\"]]]],[\"顧客事例\",\"/blog/ja/topics/customers\"],[\"パートナー\",\"/blog/ja/topics/partners\"],[\"スタートアップ \\u0026 SMB\",\"/blog/ja/topics/startups\"],[\"トレーニングと認定\",\"/blog/ja/topics/training-certifications\"],[\"Inside Google Cloud\",\"/blog/ja/topics/inside-google-cloud\"],[\"Google Cloud Next と イベント\",\"/blog/ja/topics/google-cloud-next\"],[\"Google Maps Platform\",\"/blog/ja/products/maps-platform\"],[\"Google Workspace\",\"https://workspace.google.com/blog/ja\"]]]],[\"デベロッパー\",\"/blog/ja/topics/developers-practitioners\"],[\"Transform with Google Cloud\",\"/transform/ja\"]]]],[\"ko\",[[[\"솔루션 및 기술\",null,[[[\"AI 및 머신러닝\",\"/blog/ko/products/ai-machine-learning\"],[\"API 관리\",\"/blog/ko/products/api-management\"],[\"애플리케이션 개발\",\"/blog/ko/products/application-development\"],[\"애플리케이션 현대화\",\"/blog/ko/products/application-modernization\"],[\"Chrome Enterprise\",\"/blog/products/chrome-enterprise\"],[\"컴퓨팅\",\"/blog/ko/products/compute\"],[\"컨테이너 \\u0026 Kubernetes\",\"/blog/ko/products/containers-kubernetes\"],[\"데이터 분석\",\"/blog/ko/products/data-analytics\"],[\"데이터베이스\",\"/blog/ko/products/databases\"],[\"DevOps 및 
SRE\",\"/blog/ko/products/devops-sre\"],[\"Maps \\u0026 Geospatial\",\"/blog/ko/products/maps-platform\"],[\"보안\",null,[[[\"보안 \\u0026 아이덴티티\",\"/blog/ko/products/identity-security\"],[\"위협 인텔리전스\",\"/blog/ko/topics/threat-intelligence\"]]]],[\"인프라\",\"/blog/ko/products/infrastructure\"],[\"Infrastructure Modernization\",\"/blog/ko/products/infrastructure-modernization\"],[\"네트워킹\",\"/blog/ko/products/networking\"],[\"생산성 및 공동작업\",\"/blog/ko/products/productivity-collaboration\"],[\"SAP on Google Cloud\",\"/blog/ko/products/sap-google-cloud\"],[\"스토리지 및 데이터 전송\",\"/blog/ko/products/storage-data-transfer\"],[\"지속가능성\",\"/blog/ko/topics/sustainability\"]]]],[\"에코시스템\",null,[[[\"IT Leaders\",\"/transform/ko\"],[\"업종\",null,[[[\"금융 서비스\",\"/blog/ko/topics/financial-services\"],[\"의료 및 생명과학\",\"/blog/ko/topics/healthcare-life-sciences\"],[\"제조업\",\"/blog/ko/topics/manufacturing\"],[\"미디어 및 엔터테인먼트\",\"/blog/ko/products/media-entertainment\"],[\"공공부문\",\"/blog/ko/topics/public-sector\"],[\"소매업\",\"/blog/ko/topics/retail\"],[\"공급망\",\"/blog/topics/supply-chain-logistics\"],[\"통신\",\"/blog/ko/topics/telecommunications\"]]]],[\"고객 사례\",\"/blog/ko/topics/customers\"],[\"파트너\",\"/blog/ko/topics/partners\"],[\"스타트업 \\u0026 SMB\",\"/blog/ko/topics/startups\"],[\"교육 \\u0026 인증\",\"/blog/ko/topics/training-certifications\"],[\"Inside Google Cloud\",\"/blog/ko/topics/inside-google-cloud\"],[\"Google Cloud Next 및 이벤트\",\"/blog/ko/topics/google-cloud-next\"],[\"Google Maps Platform\",\"/blog/ko/products/maps-platform\"],[\"Google Workspace\",\"https://workspace.google.com/blog/ko\"]]]],[\"개발 및 IT운영\",\"/blog/ko/topics/developers-practitioners\"],[\"Google Cloud와 함께 하는 디지털 
혁신\",\"/transform/ko\"]]]]]]","cfb2h":"boq_cloudx-web-blog-uiserver_20241121.08_p0","eptZe":"/blog/_/TransformBlogUi/","f8POw":"%.@.[97442199,1714257,97785988,97863042,93778619,93874004,48554497,1706538,48897392,97684535,97535270,97656899,97863170,97517172,48887082,48830069,97716269,48489819,97442181,97785970,93873986,97684517,97656881,97517154,48887064],null,null,null,null,true]","fPDxwd":[97517172,97684535,97863042,97863170],"gGcLoe":false,"iCzhFc":false,"nQyAE":{"b5B1L":"true","PTNaKe":"false","ktxJzc":"true","BUEcUe":"control","XzXOC":"true","kG32O":"false","C4H3Td":"true","w1axY":"false","Pr5Lcf":"false","kG33G":"false","OEmSkb":"false","aeNUHe":"false","j9nUqf":"false","wvKxS":"false","wFnpse":"true","tfPPe":"false","LibkZ":"false","m0uJSe":"false","PvZHQ":"true","s7Z7Ld":"false","i2rGv":"false","RIvlU":"true","lsuui":"true","HGJqie":"true","NCoWOd":"false","Qzt9sd":"false","dsKk4d":"true","fdXYmb":"false","epuB3d":"false","BotAtd":"true"},"p9hQne":"https://www.gstatic.com/_/boq-cloudx-web-blog/_/r/","qwAQke":"TransformBlogUi","rtQCxc":-480,"u4g7r":"%.@.null,1000,2]","vJ2GOe":"%.@.null,[[\"de\",[[[\"Themen\",null,[[[\"Product Announcements\",\"/blog/de/product-announcements\"],[\"KI \\u0026 Machine Learning\",\"/blog/de/ai-machine-learning\"],[\"Produktivität und Kollaboration\",\"/blog/de/productivity-collaboration\"],[\"Identität und Sicherheit\",\"/blog/de/identity-and-security\"],[\"Future of Work\",\"/blog/de/future-of-work\"],[\"Hybrides Arbeiten\",\"/blog/de/hybrid-work\"],[\"Kundenreferenzen\",\"/blog/de/customer-stories\"],[\"Entwickler*innen und Fachkräfte\",\"/blog/de/developers-practitioners\"],[\"Partner\",\"/blog/de/partners\"],[\"Events\",\"/blog/de/events\"],[\"Öffentlicher Sektor\",\"/blog/de/public-sector\"]]]],[\"Produktneuigkeiten\",null,[[[\"Gmail\",\"/blog/de/gmail\"],[\"Meet\",\"/blog/de/meet\"],[\"Chat and 
Spaces\",\"/blog/de/chat-spaces\"],[\"Drive\",\"/blog/de/drive\"],[\"Docs\",\"/blog/de/docs\"],[\"Sheets\",\"/blog/de/sheets\"]]]]]]],[\"en\",[[[\"Topics\",null,[[[\"Product Announcements\",\"/blog/product-announcements\"],[\"AI and Machine Learning\",\"/blog/ai-machine-learning\"],[\"Productivity and Collaboration\",\"/blog/productivity-collaboration\"],[\"Identity and Security\",\"/blog/identity-and-security\"],[\"Future of Work\",\"/blog/future-of-work\"],[\"Hybrid Work\",\"/blog/hybrid-work\"],[\"Customer Stories\",\"/blog/customer-stories\"],[\"Developers and Practitioners\",\"/blog/developers-practitioners\"],[\"Partners\",\"/blog/partners\"],[\"Events\",\"/blog/events\"],[\"Public Sector\",\"/blog/public-sector\"]]]],[\"Product News\",null,[[[\"Gmail\",\"/blog/gmail\"],[\"Meet\",\"/blog/meet\"],[\"Chat and Spaces\",\"/blog/chat-spaces\"],[\"Drive\",\"/blog/drive\"],[\"Docs\",\"/blog/docs\"],[\"Sheets\",\"/blog/sheets\"]]]]]]],[\"fr\",[[[\"Thèmes\",null,[[[\"Product Announcements\",\"/blog/fr/product-announcements\"],[\"IA et Machine Learning\",\"/blog/fr/ai-machine-learning\"],[\"Productivité et Collaboration\",\"/blog/fr/productivity-collaboration\"],[\"Identité et Sécurité\",\"/blog/fr/identity-and-security\"],[\"L\u0027avenir du travail\",\"/blog/fr/future-of-work\"],[\"Travail hybride\",\"/blog/fr/hybrid-work\"],[\"Témoignages Clients\",\"/blog/fr/customer-stories\"],[\"Développeurs et professionnels\",\"/blog/fr/developers-practitioners\"],[\"Partenaires\",\"/blog/fr/partners\"],[\"Événements\",\"/blog/fr/events\"],[\"Secteur Public\",\"/blog/fr/public-sector\"]]]],[\"Annonces sur les produits\",null,[[[\"Gmail\",\"/blog/fr/gmail\"],[\"Meet\",\"/blog/fr/meet\"],[\"Chat et Spaces\",\"/blog/fr/chat-spaces\"],[\"Drive\",\"/blog/fr/drive\"],[\"Docs\",\"/blog/fr/docs\"],[\"Sheets\",\"/blog/fr/sheets\"]]]]]]],[\"ja\",[[[\"トピック\",null,[[[\"プロダクトの発表\",\"/blog/ja/product-announcements\"],[\"AI \\u0026 
機械学習\",\"/blog/ja/ai-machine-learning\"],[\"生産性とコラボレーション\",\"/blog/ja/productivity-collaboration\"],[\"アイデンティティとセキュリティ\",\"/blog/ja/identity-and-security\"],[\"未来の働き方\",\"/blog/ja/future-of-work\"],[\"ハイブリッドな働き方\",\"/blog/ja/hybrid-work\"],[\"顧客事例\",\"/blog/ja/customer-stories\"],[\"デベロッパー\",\"/blog/ja/developers-practitioners\"],[\"パートナー\",\"/blog/ja/partners\"],[\"イベント\",\"/blog/ja/events\"],[\"公共部門\",\"/blog/ja/public-sector\"]]]],[\"製品ニュース\",null,[[[\"Gmail\",\"/blog/ja/gmail\"],[\"Meet\",\"/blog/ja/meet\"],[\"Chat and Spaces\",\"/blog/ja/chat-spaces\"],[\"ドライブ\",\"/blog/ja/drive\"],[\"ドキュメント\",\"/blog/ja/docs\"],[\"スプレッドシート\",\"/blog/ja/sheets\"]]]]]]],[\"ko\",[[[\"주제\",null,[[[\"제품 업데이트\",\"/blog/ko/product-announcements\"],[\"AI 및 머신러닝\",\"/blog/ko/ai-machine-learning\"],[\"생산성 및 공동작업\",\"/blog/ko/productivity-collaboration\"],[\"인증 및 보안 \",\"/blog/ko/identity-and-security\"],[\"Future of Work\",\"/blog/ko/future-of-work\"],[\"하이브리드 업무\",\"/blog/ko/hybrid-work\"],[\"고객 사례\",\"/blog/ko/customer-stories\"],[\"개발자\",\"/blog/ko/developers-practitioners\"],[\"파트너\",\"/blog/ko/partners\"],[\"이벤트\",\"/blog/ko/events\"],[\"공공부문\",\"/blog/ko/public-sector\"]]]],[\"제품 소식\",null,[[[\"Gmail\",\"/blog/ko/gmail\"],[\"Meet\",\"/blog/ko/meet\"],[\"Chat 및 Spaces\",\"/blog/ko/chat-spaces\"],[\"Drive\",\"/blog/ko/drive\"],[\"Docs\",\"/blog/ko/docs\"],[\"Sheets\",\"/blog/ko/sheets\"]]]]]]]],null,[[\"de\",[[[[[\"Enthaltene 
content="https://cloud.google.com/blog/topics/threat-intelligence/capa-automatically-identify-malware-capabilities"><meta property="og:image" content="https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplif.max-2600x2600.png"><meta property="og:site_name" content="Google Cloud Blog"><meta name="twitter:card" content="summary_large_image"><meta name="twitter:url" content="https://cloud.google.com/blog/topics/threat-intelligence/capa-automatically-identify-malware-capabilities"><meta name="twitter:title" content="capa: Automatically Identify Malware Capabilities | Mandiant | Google Cloud Blog"><meta name="twitter:description" content=""><meta name="twitter:image" content="https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplif.max-2600x2600.png"><meta name="twitter:site" content="@googlecloud"><script type="application/ld+json">{"@context":"https://schema.org","@type":"BlogPosting","@id":"https://cloud.google.com/blog/topics/threat-intelligence/capa-automatically-identify-malware-capabilities","headline":"capa: Automatically Identify Malware Capabilities | Mandiant","description":"","image":"https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplif.max-2600x2600.png","author":[{"@type":"Person","name":"Mandiant ","url":""}],"datePublished":"2020-07-16","publisher":{"@type":"Organization","name":"Google Cloud","logo":{"@type":"ImageObject","url":"https://www.gstatic.com/devrel-devsite/prod/v8bb8fa0afe9a8c3a776ebeb25d421bb443344d789b3607754dfabea418b8c4be/cloud/images/cloud-logo.svg"}},"url":"https://cloud.google.com/blog/topics/threat-intelligence/capa-automatically-identify-malware-capabilities","keywords":["Threat Intelligence","Security \u0026 Identity"],"timeRequired":"PT8M"}</script><link rel="canonical" href="https://cloud.google.com/blog/topics/threat-intelligence/capa-automatically-identify-malware-capabilities/"><meta 
3.54.01 2.03-1.36 3.5-3.1 3.5z"></path><path fill="#FBBC05" d="M38 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"></path><path fill="#34A853" d="M58 .24h2.51v17.57H58z"></path><path fill="#EA4335" d="M68.26 15.52c-1.3 0-2.22-.59-2.82-1.76l7.77-3.21-.26-.66c-.48-1.3-1.96-3.7-4.97-3.7-2.99 0-5.48 2.35-5.48 5.81 0 3.26 2.46 5.81 5.76 5.81 2.66 0 4.2-1.63 4.84-2.57l-1.98-1.32c-.66.96-1.56 1.6-2.86 1.6zm-.18-7.15c1.03 0 1.91.53 2.2 1.28l-5.25 2.17c0-2.44 1.73-3.45 3.05-3.45z"></path></svg></div><span class="nRhiJb-rSCjMe-OWXEXe-UBMNlb khBwGd">Cloud</span></a></div></div><div class="nRhiJb-o2XRw-yHKmmc UrjqX"><div class="nRhiJb-rSCjMe"><a class="nRhiJb-rSCjMe-hSRGPd" href="https://cloud.google.com/blog" title="Google Cloud Blog" track-name="blog"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog"track-metadata-module="header"><span class="nRhiJb-rSCjMe-OWXEXe-UBMNlb khBwGd">Blog</span></a></div></div></div><div class="glue-header__container glue-header__stepped-nav LKvi8b" role="navigation"><div class="glue-header__stepped-nav-controls-container"><div class="glue-header__stepped-nav-controls"><div class="glue-header__stepped-nav-controls-arrow"><svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-SFi8G" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="M16.41 5.41L15 4l-8 8 8 8 1.41-1.41L9.83 12"></path></svg><svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-SFi8G glue-header__stepped-nav-subnav-icon" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="M7.59 18.59L9 20l8-8-8-8-1.41 1.41L14.17 12"></path></svg></div><div class="glue-header__stepped-nav-controls-title glue-header__link"></div></div></div><div class="glue-header__stepped-nav-menus"></div></div><div class="glue-header__container nRhiJb-J6KYL-OWXEXe-Q4irje"><nav 
class="glue-header__link-bar"><ul class="glue-header__list glue-header__list--nested glue-header__deep-nav URiJfb"><li class="glue-header__item "><a class="glue-header__link">Solutions &amp; technology<svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-SFi8G" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="M5.41 7.59L4 9l8 8 8-8-1.41-1.41L12 14.17"></path></svg></a><ul class="glue-header__list NDdrcc"><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/ai-machine-learning" track-name="ai &amp; machine learning"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/ai-machine-learning"track-metadata-module="header"><span>AI &amp; Machine Learning</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/api-management" track-name="api management"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/api-management"track-metadata-module="header"><span>API Management</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/application-development" track-name="application development"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/application-development"track-metadata-module="header"><span>Application Development</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/application-modernization" track-name="application modernization"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/application-modernization"track-metadata-module="header"><span>Application Modernization</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " 
href="https://cloud.google.com/blog/products/chrome-enterprise" track-name="chrome enterprise"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/chrome-enterprise"track-metadata-module="header"><span>Chrome Enterprise</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/compute" track-name="compute"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/compute"track-metadata-module="header"><span>Compute</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/containers-kubernetes" track-name="containers &amp; kubernetes"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/containers-kubernetes"track-metadata-module="header"><span>Containers &amp; Kubernetes</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/data-analytics" track-name="data analytics"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/data-analytics"track-metadata-module="header"><span>Data Analytics</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/databases" track-name="databases"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/databases"track-metadata-module="header"><span>Databases</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/devops-sre" track-name="devops &amp; sre"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/devops-sre"track-metadata-module="header"><span>DevOps &amp; 
SRE</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/maps-geospatial" track-name="maps &amp; geospatial"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/maps-geospatial"track-metadata-module="header"><span>Maps &amp; Geospatial</span></a></li><li class="glue-header__item "><a class="glue-header__link janap">Security<svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-SFi8G" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="M7.59 18.59L9 20l8-8-8-8-1.41 1.41L14.17 12"></path></svg></a><ul class="glue-header__list NDdrcc"><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/identity-security" track-name="security &amp; identity"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/identity-security"track-metadata-module="header"><span>Security &amp; Identity</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/threat-intelligence" track-name="threat intelligence"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/threat-intelligence"track-metadata-module="header"><span>Threat Intelligence</span></a></li></ul></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/infrastructure" track-name="infrastructure"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/infrastructure"track-metadata-module="header"><span>Infrastructure</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/infrastructure-modernization" track-name="infrastructure modernization"track-type="blog 
nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/infrastructure-modernization"track-metadata-module="header"><span>Infrastructure Modernization</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/networking" track-name="networking"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/networking"track-metadata-module="header"><span>Networking</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/productivity-collaboration" track-name="productivity &amp; collaboration"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/productivity-collaboration"track-metadata-module="header"><span>Productivity &amp; Collaboration</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/sap-google-cloud" track-name="sap on google cloud"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/sap-google-cloud"track-metadata-module="header"><span>SAP on Google Cloud</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/storage-data-transfer" track-name="storage &amp; data transfer"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/storage-data-transfer"track-metadata-module="header"><span>Storage &amp; Data Transfer</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/sustainability" track-name="sustainability"track-type="blog 
nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/sustainability"track-metadata-module="header"><span>Sustainability</span></a></li></ul></li><li class="glue-header__item "><a class="glue-header__link">Ecosystem<svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-SFi8G" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="M5.41 7.59L4 9l8 8 8-8-1.41-1.41L12 14.17"></path></svg></a><ul class="glue-header__list NDdrcc"><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/transform" track-name="it leaders"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/transform"track-metadata-module="header"><span>IT Leaders</span></a></li><li class="glue-header__item "><a class="glue-header__link janap">Industries<svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-SFi8G" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="M7.59 18.59L9 20l8-8-8-8-1.41 1.41L14.17 12"></path></svg></a><ul class="glue-header__list NDdrcc"><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/financial-services" track-name="financial services"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/financial-services"track-metadata-module="header"><span>Financial Services</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/healthcare-life-sciences" track-name="healthcare &amp; life sciences"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/healthcare-life-sciences"track-metadata-module="header"><span>Healthcare &amp; Life Sciences</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/manufacturing" track-name="manufacturing"track-type="blog 
nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/manufacturing"track-metadata-module="header"><span>Manufacturing</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/media-entertainment" track-name="media &amp; entertainment"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/media-entertainment"track-metadata-module="header"><span>Media &amp; Entertainment</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/public-sector" track-name="public sector"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/public-sector"track-metadata-module="header"><span>Public Sector</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/retail" track-name="retail"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/retail"track-metadata-module="header"><span>Retail</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/supply-chain-logistics" track-name="supply chain"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/supply-chain-logistics"track-metadata-module="header"><span>Supply Chain</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/telecommunications" track-name="telecommunications"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/telecommunications"track-metadata-module="header"><span>Telecommunications</span></a></li></ul></li><li class="glue-header__item "><a class="glue-header__link janap " 
href="https://cloud.google.com/blog/topics/partners" track-name="partners"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/partners"track-metadata-module="header"><span>Partners</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/startups" track-name="startups &amp; smb"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/startups"track-metadata-module="header"><span>Startups &amp; SMB</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/training-certifications" track-name="training &amp; certifications"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/training-certifications"track-metadata-module="header"><span>Training &amp; Certifications</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/inside-google-cloud" track-name="inside google cloud"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/inside-google-cloud"track-metadata-module="header"><span>Inside Google Cloud</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/google-cloud-next" track-name="google cloud next &amp; events"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/google-cloud-next"track-metadata-module="header"><span>Google Cloud Next &amp; Events</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://mapsplatform.google.com/resources/blog/" track-name="google maps platform"track-type="blog 
nav"track-metadata-position="nav"track-metadata-eventdetail="mapsplatform.google.com/resources/blog/"track-metadata-module="header" target="_blank"><span>Google Maps Platform<svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-SFi8G FsOzib nRhiJb-tHaKme-AipIyc" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="m8.9 16.075 5.4-5.4v2.675h1.4V8.3h-5.05v1.4h2.65l-5.375 5.375ZM12 21.3q-1.925 0-3.625-.738-1.7-.737-2.95-1.987-1.25-1.25-1.987-2.95Q2.7 13.925 2.7 12t.738-3.625q.737-1.7 1.987-2.95 1.25-1.25 2.95-1.988Q10.075 2.7 12 2.7t3.625.737q1.7.738 2.95 1.988 1.25 1.25 1.987 2.95.738 1.7.738 3.625t-.738 3.625q-.737 1.7-1.987 2.95-1.25 1.25-2.95 1.987-1.7.738-3.625.738Z"></path></svg></span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://workspace.google.com/blog" track-name="google workspace"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="workspace.google.com/blog"track-metadata-module="header" target="_blank"><span>Google Workspace<svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-SFi8G FsOzib nRhiJb-tHaKme-AipIyc" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="m8.9 16.075 5.4-5.4v2.675h1.4V8.3h-5.05v1.4h2.65l-5.375 5.375ZM12 21.3q-1.925 0-3.625-.738-1.7-.737-2.95-1.987-1.25-1.25-1.987-2.95Q2.7 13.925 2.7 12t.738-3.625q.737-1.7 1.987-2.95 1.25-1.25 2.95-1.988Q10.075 2.7 12 2.7t3.625.737q1.7.738 2.95 1.988 1.25 1.25 1.987 2.95.738 1.7.738 3.625t-.738 3.625q-.737 1.7-1.987 2.95-1.25 1.25-2.95 1.987-1.7.738-3.625.738Z"></path></svg></span></a></li></ul></li><li class="glue-header__item "><a class="glue-header__link " href="https://cloud.google.com/blog/topics/developers-practitioners" track-name="developers &amp; practitioners"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/developers-practitioners"track-metadata-module="header"><span>Developers &amp; Practitioners</span></a></li><li class="glue-header__item "><a 
class="glue-header__link " href="https://cloud.google.com/transform" track-name="transform with google cloud"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/transform"track-metadata-module="header"><span>Transform with Google Cloud</span></a></li></ul></nav></div><div class="glue-header__container ca6rub nRhiJb-J6KYL-OWXEXe-SU0ZEf"><div class="nRhiJb-GUI8l"><a class="nRhiJb-LgbsSe nRhiJb-LgbsSe-OWXEXe-pSzOP-o6Shpd " href="https://cloud.google.com/contact/" track-name="contact sales"track-type="blog nav"track-metadata-eventdetail="cloud.google.com/contact/"track-metadata-module="header" track-name="contact sales"track-type="button"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/contact/">Contact sales </a><a class="nRhiJb-LgbsSe nRhiJb-LgbsSe-OWXEXe-CNusmb-o6Shpd " href="https://console.cloud.google.com/freetrial/" track-name="get started for free"track-type="blog nav"track-metadata-eventdetail="console.cloud.google.com/freetrial/"track-metadata-module="header" track-name="get started for free"track-type="button"track-metadata-position="nav"track-metadata-eventdetail="console.cloud.google.com/freetrial/">Get started for free </a></div><div class="GKI4ub"><div class="Jhiezd"><form action="/blog/search/" class="A2C6Ob"><input class="BAhdXd" jsname="oJAbI" name="query" type="text" placeholder="Find an article..."><input type="hidden" name="language" value=en hidden><input type="hidden" name="category" value=article hidden><input type="hidden" name="paginate" value="25" hidden><input type="hidden" name="order" value="newest" hidden><input type="hidden" name="hl" value=en hidden><span class="A0lwXc" jsname="D8MWrd" aria-label="Show the search input field." 
role="button" jsaction="click:jUF4E"><svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-xgZe3c" viewBox="0 0 24 24" role="presentation" aria-hidden="true" width="40" height="22"><path d="M20.49 19l-5.73-5.73C15.53 12.2 16 10.91 16 9.5A6.5 6.5 0 1 0 9.5 16c1.41 0 2.7-.47 3.77-1.24L19 20.49 20.49 19zM5 9.5C5 7.01 7.01 5 9.5 5S14 7.01 14 9.5 11.99 14 9.5 14 5 11.99 5 9.5z"></path></svg></span></form></div></div></div></div></div><div class="glue-header__drawer-backdrop"></div></header><script nonce="5qzd77dFE350tcQs3PaJwQ">var AF_initDataKeys = ["ds:0"]; var AF_dataServiceRequests = {'ds:0' : {id:'nInjGe',request:["cloudblog","topics/threat-intelligence/capa-automatically-identify-malware-capabilities","en"]}}; var AF_initDataChunkQueue = []; var AF_initDataCallback; var AF_initDataInitializeCallback; if (AF_initDataInitializeCallback) {AF_initDataInitializeCallback(AF_initDataKeys, AF_initDataChunkQueue, AF_dataServiceRequests);}if (!AF_initDataCallback) {AF_initDataCallback = function(chunk) {AF_initDataChunkQueue.push(chunk);};}</script></head><body id="yDmH0d" jscontroller="pjICDe" jsaction="rcuQ6b:npT2md; click:FAbpgf; auxclick:FAbpgf" class="tQj5Y ghyPEc IqBfM ecJEib EWZcud nRhiJb-qJTHM" data-has-header="true" data-has-footer="true"><script aria-hidden="true" nonce="5qzd77dFE350tcQs3PaJwQ">window.wiz_progress&&window.wiz_progress();</script><div class="VUoKZ" aria-hidden="true"><div class="TRHLAc"></div></div><c-wiz jsrenderer="zPZHOe" class="SSPGKf" jsdata="deferred-i1" data-p="%.@.&quot;cloudblog&quot;,&quot;topics/threat-intelligence/capa-automatically-identify-malware-capabilities&quot;,&quot;en&quot;]" data-node-index="0;0" jsmodel="hc6Ubd" view c-wiz data-ogpc><div class="T4LgNb " jsname="a9kxte"><div jsname="qJTHM" class="kFwPee"><article class="nRhiJb-qJTHM" jsaction="rcuQ6b:npT2md" jscontroller="kxO7ab"><section class="nRhiJb-DARUcf"><div class="Wdmc0c nRhiJb-DbgRPb-wNfPc-cGMI2b"><div class="Qwf2Db-MnozTc Qwf2Db-MnozTc-OWXEXe-MnozTc-qWD73c 
nRhiJb-BFbNVe-r8s4j-bMElCd dIsJJe" track-name="threat intelligence"track-type="tag">Threat Intelligence</div><div class="nRhiJb-ObfsIf"><div class="nRhiJb-kR0ZEf-OWXEXe-GV1x9e-R6PoUb"></div><div class="nRhiJb-kR0ZEf-OWXEXe-GV1x9e-EehZO nRhiJb-fmcmS-oXtfBe"><h1 class="Qwf2Db-MnozTc Qwf2Db-MnozTc-OWXEXe-MnozTc-ibL1re"><div class="Qwf2Db-MnozTc Qwf2Db-MnozTc-OWXEXe-MnozTc-ibL1re"><span class="FewWi"></span>capa: Automatically Identify Malware Capabilities</div></h1></div></div><div class="nRhiJb-fmcmS-oXtfBe dEogG">July 16, 2020</div></div></section><div class="EKklye"><div><section class="nRhiJb-DARUcf"><div class="nRhiJb-DbgRPb-wNfPc-ma6Yeb nRhiJb-DbgRPb-wNfPc-cGMI2b"><section class="DA9Qj nRhiJb-ObfsIf nRhiJb-fmcmS-oXtfBe"><div class="nRhiJb-kR0ZEf-OWXEXe-GV1x9e-c5RTEf"></div><div class="nRhiJb-kR0ZEf-OWXEXe-GV1x9e-qWD73c"><h5 class="cHE8Ub Qwf2Db-MnozTc Qwf2Db-MnozTc-OWXEXe-MnozTc-qWD73c">Mandiant </h5><p class="nRhiJb-qJTHM khCp7b"></p></div></section></div></section><div class="nRhiJb-DARUcf"><div class="nRhiJb-ObfsIf nRhiJb-DbgRPb-wNfPc-ma6Yeb nRhiJb-DbgRPb-qWD73c-cGMI2b"><div class="nRhiJb-kR0ZEf-OWXEXe-GV1x9e-ibL1re dzoHJ"></div><div class="OYL9D nRhiJb-kR0ZEf-OWXEXe-GV1x9e-OiUrBf" jsname="tx2NYc"><section class="Wy08Ac nRhiJb-qJTHM-OWXEXe-hJDwNd 
nRhiJb-DbgRPb-II5mzb-cGMI2b"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><p>Written by: Willi Ballenthin, Moritz Raabe</p> <hr></span></section><section class="Wy08Ac nRhiJb-qJTHM-OWXEXe-hJDwNd nRhiJb-DbgRPb-II5mzb-cGMI2b"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><p>capa is the FLARE team’s newest open-source tool for analyzing malicious programs. Our tool provides a framework for the community to encode, recognize, and share behaviors that we’ve seen in malware. Regardless of your background, when you use capa, you invoke decades of cumulative reverse engineering experience to figure out what a program does. In this post you will learn how capa works, how to install and use the tool, and why you should integrate it into your triage workflow starting today.</p> <h4>Problem</h4> <p>Effective analysts can quickly understand and prioritize unknown files in investigations. However, determining if a program is malicious, the role it plays during an attack, and its potential capabilities requires at least basic malware analysis skills. And often, it takes an experienced reverse engineer to recover a file’s complete functionality and guess at the author’s intent.</p> <p>Malware experts can quickly triage unknown binaries to gain first insights and guide further analysis steps. Less experienced analysts, on the other hand, oftentimes don’t know what to look for and have trouble distinguishing the usual from the unusual. 
Unfortunately, common tools like strings / <a href="https://github.com/mandiant/flare-floss/" rel="noopener" target="_blank">FLOSS</a> or PE viewers display the lowest level of detail, leaving their users with the burden of combining and interpreting data points.</p> <h4>Malware Triage 01-01</h4> <p>To illustrate this, let us look at <a href="https://practicalmalwareanalysis.com/labs/" rel="noopener" target="_blank">Lab 01-01</a> from <a href="https://nostarch.com/malware" rel="noopener" target="_blank">Practical Malware Analysis</a> (PMA). Our goal is to understand the program’s functionality. Figure 1 shows the file’s strings and import table with interesting values highlighted.</p></span></section><section class="QzPuud"><div><section><figure class="NEBdNd"><section class="PBkdHd DhGbH" jscontroller="SCGBie" jsaction="rcuQ6b:npT2md"><img class="JcsBte mZzdH ZOnyjc" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto1_awho.max-1000x1000.png" alt="Strings and import table of PMA Lab 1-1 with interesting values highlighted" jsname='P3Vluc' jsaction="click:HTIlC" loading="lazy"/><section class="glue-modal glue-modal--dark QHdDac" role="dialog" aria-modal="true"><img class="JcsBte mZzdH ZOnyjc" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto1_awho.max-1000x1000.png" alt="Strings and import table of PMA Lab 1-1 with interesting values highlighted" jsname='P3Vluc' jsaction="click:HTIlC" loading="lazy"/><button class="glue-modal__close-btn" tabindex="0" aria-label="Close this modal"></button></section></section></figure><div class="nRhiJb-cHYyed nRhiJb-DbgRPb-R6PoUb-ma6Yeb ZpqjUe"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><p>Figure 1: Interesting strings and import information of example malware from PMA Lab 1-1</p></span></div></section></div></section><section class="Wy08Ac nRhiJb-qJTHM-OWXEXe-hJDwNd 
nRhiJb-DbgRPb-II5mzb-cGMI2b"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><p>With this data, reverse engineers can hypothesize about the strings and imported API functions to guess at the program’s functionality—but no more. The sample may create a mutex, start a process, or communicate over the network—potentially to IP address 127.26.152.13. The Winsock (WS2_32) imports make us think about network functionality, but the names are not available here because they are, as is common, imported by ordinal.</p> <p>Dynamically analyzing this sample can confirm or disprove initial suspicions and reveal additional functionality. However, sandbox reports or dynamic analysis tools are limited to capturing behavior from the exercised code paths. This, for example, excludes any functionality triggered after a successful connection to the command and control (C2) server. We don’t usually recommend analyzing malware with a live Internet connection.</p> <p>To really understand this file, we need to reverse engineer it. Figure 2 shows IDA Pro’s decompilation of the program’s main function. 
While we use the decompilation instead of disassembly to simplify our explanation, similar concepts apply to both representations.</p></span></section><section class="QzPuud"><div><section><figure class="NEBdNd"><section class="PBkdHd DhGbH" jscontroller="SCGBie" jsaction="rcuQ6b:npT2md"><img class="JcsBte mZzdH ZOnyjc" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto2_nhkx.max-900x900.png" alt="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto2_nhkx.max-900x900.png" jsname='P3Vluc' jsaction="click:HTIlC" loading="lazy"/><section class="glue-modal glue-modal--dark QHdDac" role="dialog" aria-modal="true"><img class="JcsBte mZzdH ZOnyjc" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto2_nhkx.max-900x900.png" alt="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto2_nhkx.max-900x900.png" jsname='P3Vluc' jsaction="click:HTIlC" loading="lazy"/><button class="glue-modal__close-btn" tabindex="0" aria-label="Close this modal"></button></section></section></figure><div class="nRhiJb-cHYyed nRhiJb-DbgRPb-R6PoUb-ma6Yeb ZpqjUe"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><p>Figure 2: Key functionality in the decompiled main function of PMA Lab 1-1</p></span></div></section></div></section><section class="Wy08Ac nRhiJb-qJTHM-OWXEXe-hJDwNd nRhiJb-DbgRPb-II5mzb-cGMI2b"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><p>With a basic understanding of programming and the Windows API, we observe the following functionality. 
The malware:</p> <ul> <li>creates a mutex to ensure only one instance is running</li> <li>creates a TCP socket, as indicated by the constants 2 = AF_INET, 1 = SOCK_STREAM, and 6 = IPPROTO_TCP</li> <li>connects to IP address 127.26.152.13 on port 80</li> <li>sends and receives data</li> <li>compares received data to the strings sleep and exec</li> <li>creates a new process</li> </ul> <p>Although not every code path may execute on each run, we say that the malware has the capability to execute these behaviors. And, by combining the individual conclusions, we can reason that the malware is a backdoor that can run an arbitrary program specified by a hard-coded C2 server. This high-level conclusion enables us to scope an investigation and decide how to respond to the threat.</p> <h4>Automating Capability Identification</h4> <p>Of course, malware analysis is rarely as straightforward. The artifacts of intent may be spread through a binary that contains hundreds or thousands of functions. Furthermore, reverse engineering has a fairly steep learning curve and requires solid understanding of many low-level concepts such as assembly language and operating system internals.</p> <p>However, with enough practice, we can recognize capabilities in programs simply from repetitive patterns of API calls, strings, constants, and other features. With capa, we demonstrate that some of our key analysis conclusions are actually feasible to perform automatically. The tool provides a common yet flexible way to codify expert knowledge and make it available to the entire community. When you run capa, it recognizes features and patterns as a human might, producing high-level conclusions that can drive subsequent investigative steps. 
For example, when capa recognizes the ability for unencrypted HTTP communication, this might be the hint you need to pivot into proxy logs or other network traces.</p> <h4>Introducing capa</h4> <p>When we run capa against our example program, the tool output in Figure 3 almost speaks for itself. The main table shows all identified capabilities in this sample, with each entry on the left describing a capability. The associated namespace on the right helps to group related capabilities. capa did a fantastic job and described all the program capabilities we’ve discussed in the previous section.</p></span></section><section class="QzPuud"><div><section><figure class="NEBdNd"><section class="PBkdHd DhGbH" jscontroller="SCGBie" jsaction="rcuQ6b:npT2md"><img class="JcsBte mZzdH ZOnyjc" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto3_hgwn.max-1100x1100.png" alt="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto3_hgwn.max-1100x1100.png" jsname='P3Vluc' jsaction="click:HTIlC" loading="lazy"/><section class="glue-modal glue-modal--dark QHdDac" role="dialog" aria-modal="true"><img class="JcsBte mZzdH ZOnyjc" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto3_hgwn.max-1100x1100.png" alt="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto3_hgwn.max-1100x1100.png" jsname='P3Vluc' jsaction="click:HTIlC" loading="lazy"/><button class="glue-modal__close-btn" tabindex="0" aria-label="Close this modal"></button></section></section></figure><div class="nRhiJb-cHYyed nRhiJb-DbgRPb-R6PoUb-ma6Yeb ZpqjUe"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><p>Figure 3: capa analysis of PMA Lab 1-1</p></span></div></section></div></section><section class="Wy08Ac nRhiJb-qJTHM-OWXEXe-hJDwNd nRhiJb-DbgRPb-II5mzb-cGMI2b"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><p>We find 
that capa often provides surprisingly good results. That’s why we want capa to always be able to show the evidence used to identify a capability. Figure 4 shows capa’s detailed output for the “create TCP socket” conclusion. Here, we can inspect the exact locations in the binary where capa found the relevant features. We’ll see the syntax of rules a bit later – in the meantime, we can surmise that they’re made up of a logic tree combining low level features.</p></span></section><section class="QzPuud"><div><section><figure class="NEBdNd"><section class="PBkdHd DhGbH" jscontroller="SCGBie" jsaction="rcuQ6b:npT2md"><img class="JcsBte mZzdH ZOnyjc" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto4_jqtl.max-700x700.png" alt="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto4_jqtl.max-700x700.png" jsname='P3Vluc' jsaction="click:HTIlC" loading="lazy"/><section class="glue-modal glue-modal--dark QHdDac" role="dialog" aria-modal="true"><img class="JcsBte mZzdH ZOnyjc" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto4_jqtl.max-700x700.png" alt="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto4_jqtl.max-700x700.png" jsname='P3Vluc' jsaction="click:HTIlC" loading="lazy"/><button class="glue-modal__close-btn" tabindex="0" aria-label="Close this modal"></button></section></section></figure><div class="nRhiJb-cHYyed nRhiJb-DbgRPb-R6PoUb-ma6Yeb ZpqjUe"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><p>Figure 4: Feature match details for "create TCP socket" rule in example malware</p></span></div></section></div></section><section class="Wy08Ac nRhiJb-qJTHM-OWXEXe-hJDwNd nRhiJb-DbgRPb-II5mzb-cGMI2b"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><h4>How capa Works</h4> <p>capa consists of two main components that algorithmically triage unknown programs. 
First, a code analysis engine extracts features from files, such as strings, disassembly, and control flow. Second, a logic engine finds combinations of features that are expressed in a common rule format. When the logic engine finds a match, capa reports on the capability described by the rule.</p> <p><em>Feature Extraction</em></p> <p>The code analysis engine extracts low-level features from programs. All the features are consistent with what a human might recognize, such as strings or numbers, and enable capa to explain its work. These features typically fall into two large categories: file features and disassembly features.</p> <p>File features are extracted from the raw file data and its structure, e.g. the PE file header. This is information that you might notice by scrolling across the entire file. Besides the above discussed strings and imported APIs, these include exported function and section names.</p> <p>Disassembly features are extracted from an advanced static analysis of a file – this means disassembling and reconstructing control flow. 
Figure 5 shows selected disassembly features including API calls, instruction mnemonics, numbers, and string references.</p></span></section><section class="QzPuud"><div><section><figure class="NEBdNd"><section class="PBkdHd DhGbH" jscontroller="SCGBie" jsaction="rcuQ6b:npT2md"><img class="JcsBte mZzdH ZOnyjc" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto5_drhb.max-700x700.png" alt="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto5_drhb.max-700x700.png" jsname='P3Vluc' jsaction="click:HTIlC" loading="lazy"/><section class="glue-modal glue-modal--dark QHdDac" role="dialog" aria-modal="true"><img class="JcsBte mZzdH ZOnyjc" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto5_drhb.max-700x700.png" alt="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto5_drhb.max-700x700.png" jsname='P3Vluc' jsaction="click:HTIlC" loading="lazy"/><button class="glue-modal__close-btn" tabindex="0" aria-label="Close this modal"></button></section></section></figure><div class="nRhiJb-cHYyed nRhiJb-DbgRPb-R6PoUb-ma6Yeb ZpqjUe"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><p>Figure 5: Examples of disassembly features in a disassembled code segment of PMA Lab 1-1</p></span></div></section></div></section><section class="Wy08Ac nRhiJb-qJTHM-OWXEXe-hJDwNd nRhiJb-DbgRPb-II5mzb-cGMI2b"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><p>Because the advanced analysis can distinguish between functions and other scopes in a program, capa can apply its logic at an appropriate level of detail. For example, it doesn’t get confused when unrelated APIs are used in different functions since capa rules can specify that they should be matched against each function independently.</p> <p>We’ve designed capa with flexible and extendable feature extraction in mind. 
Additional code analysis backends can be integrated easily. Currently, the capa standalone version relies on the <a href="https://github.com/vivisect/vivisect" rel="noopener" target="_blank">vivisect</a> analysis framework. If you’re using IDA Pro, you can also run capa using the IDAPython backend. Note that sometimes differences among code analysis engines may result in divergent feature sets and hence different results. Fortunately, this usually isn’t a serious problem in practice.</p> <p><em>capa Rules</em></p> <p>A capa rule uses a structured combination of features to describe a capability that may be implemented in a program. If all required features are present, capa concludes that the program contains the capability.</p> <p>capa rules are YAML documents that contain metadata and a tree of statements to express their logic. Among other things, the rule language supports logical operators and counting. In Figure 6, the “create TCP socket” rule says that the numbers 6, 1, and 2, <em>and</em> calls to either of the API functions socket or WSASocket must be present in the scope of a single basic block. Basic blocks group assembly code at a very low level making them an ideal place to match tightly related code segments. Besides within basic blocks, capa supports matching at the function and the file level. 
The function scope ties together all features in a disassembled function, while the file scope contains all features across the entire file.</p></span></section><section class="QzPuud"><div><section><figure class="NEBdNd"><section class="PBkdHd DhGbH" jscontroller="SCGBie" jsaction="rcuQ6b:npT2md"><img class="JcsBte mZzdH ZOnyjc" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto6_vsms.max-800x800.png" alt="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto6_vsms.max-800x800.png" jsname='P3Vluc' jsaction="click:HTIlC" loading="lazy"/><section class="glue-modal glue-modal--dark QHdDac" role="dialog" aria-modal="true"><img class="JcsBte mZzdH ZOnyjc" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto6_vsms.max-800x800.png" alt="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto6_vsms.max-800x800.png" jsname='P3Vluc' jsaction="click:HTIlC" loading="lazy"/><button class="glue-modal__close-btn" tabindex="0" aria-label="Close this modal"></button></section></section></figure><div class="nRhiJb-cHYyed nRhiJb-DbgRPb-R6PoUb-ma6Yeb ZpqjUe"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><p>Figure 6: capa rule logic to identify TCP socket creation</p></span></div></section></div></section><section class="Wy08Ac nRhiJb-qJTHM-OWXEXe-hJDwNd nRhiJb-DbgRPb-II5mzb-cGMI2b"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><p>Figure 7 highlights the rule metadata that enables capa to display high-level, meaningful results to its users. The rule name describes the identified capability while the namespace associates it with a technique or analysis category. We already saw the name and namespace in the capability table of capa’s output. The metadata section can also include fields like author or examples. 
We use examples to reference files and offsets where we know a capability to be present, enabling unit testing and validation of every rule. Moreover, capa rules serve as great documentation for behaviors seen in real-world malware, so feel free to keep a copy around as a reference. In a future post we will discuss other meta information, including capa’s support for the ATT&amp;CK and the Malware Behavior Catalog frameworks.</p></span></section><section class="QzPuud"><div><section><figure class="NEBdNd"><section class="PBkdHd DhGbH" jscontroller="SCGBie" jsaction="rcuQ6b:npT2md"><img class="JcsBte mZzdH ZOnyjc" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto7_uilk.max-800x800.png" alt="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto7_uilk.max-800x800.png" jsname='P3Vluc' jsaction="click:HTIlC" loading="lazy"/><section class="glue-modal glue-modal--dark QHdDac" role="dialog" aria-modal="true"><img class="JcsBte mZzdH ZOnyjc" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto7_uilk.max-800x800.png" alt="https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto7_uilk.max-800x800.png" jsname='P3Vluc' jsaction="click:HTIlC" loading="lazy"/><button class="glue-modal__close-btn" tabindex="0" aria-label="Close this modal"></button></section></section></figure><div class="nRhiJb-cHYyed nRhiJb-DbgRPb-R6PoUb-ma6Yeb ZpqjUe"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><p>Figure 7: Rule meta information</p></span></div></section></div></section><section class="Wy08Ac nRhiJb-qJTHM-OWXEXe-hJDwNd nRhiJb-DbgRPb-II5mzb-cGMI2b"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><h4>Installation</h4> <p>To make using capa as easy as possible, we provide <a href="https://github.com/mandiant/capa/releases" rel="noopener" target="_blank">standalone executables for Windows, 
Linux, and OSX</a>. The tool is written in Python and the <a href="https://github.com/mandiant/capa" rel="noopener" target="_blank">source code is available on our GitHub</a>. Additional and up-to-date <a href="https://github.com/mandiant/capa/blob/master/doc/installation.md" rel="noopener" target="_blank">installation instructions</a> are available in the capa repository.</p> <p>Newer versions of <a href="https://cloud.google.com/blog/topics/threat-intelligence/flare-vm-update" rel="noopener" target="_blank">FLARE-VM</a> (available on <a href="https://github.com/mandiant/flare-vm" rel="noopener" target="_blank">GitHub</a>) include capa as well.</p> <h4>Usage</h4> <p>To identify capabilities in a program, run capa and specify the input file:</p> <p>$ capa suspicious.exe</p> <p>capa supports Windows PE files (EXE, DLL, SYS) and shellcode. To run capa on a shellcode file you must explicitly specify the file format and architecture, for example to analyze 32-bit shellcode:</p> <ul> <li>$ capa -f sc32 shellcode.bin</li> </ul> <p>To obtain detailed information on identified capabilities, capa supports two additional verbosity levels. To get the most detailed output on where and why capa matched on rules, use the very verbose option:</p> <ul> <li>$ capa -vv suspicious.exe</li> </ul> <p>If you only want to focus on specific rules, you can use the tag option to filter on fields in the rule meta section:</p> <ul> <li>$ capa -t "create TCP socket" suspicious.exe</li> </ul> <p>Display capa’s help to see all supported options and consult the <a href="https://github.com/mandiant/capa/tree/master/doc" rel="noopener" target="_blank">documentation</a>:</p> <ul> <li>$ capa -h</li> </ul> <h4>Contributing</h4> <p>We hope that capa brings value to the community and encourage any type of contribution. Your feedback, ideas, and pull requests are very welcome. 
The <a href="https://github.com/mandiant/capa/blob/master/.github/CONTRIBUTING.md" rel="noopener" target="_blank">contributing document</a> is a great starting point.</p> <p>Rules are the foundation of capa’s identification algorithm. We want to make it easy and fun to write them. If you have any rule ideas, please open an issue or even better submit a pull request to <a href="https://github.com/mandiant/capa-rules" rel="noopener" target="_blank">capa-rules</a>. This way, everyone can benefit from the collective knowledge of our malware analysis community.</p> <p>To separate our work and discussions between the capa source code and the supported rules, we use a second GitHub repository for <a href="https://github.com/mandiant/capa-rules" rel="noopener" target="_blank">all rules that come embedded within capa</a>. The capa main repository embeds the rule repository as a git submodule. Please refer to the rules repository for further details, including the <a href="https://github.com/mandiant/capa-rules/blob/master/doc/format.md" rel="noopener" target="_blank">rule format documentation</a>.</p> <h4>Conclusion</h4> <p>In this blog post we have introduced the FLARE team’s newest contribution to the malware analysis community. capa is an open-source framework to encode, recognize, and share behaviors seen in malware. We think that the community needs this type of tool to fight back against the volume of malware that we encounter during investigations, hunting, and triage. Regardless of your background, when you use capa, you invoke decades of cumulative experience to figure out what a program does.</p> <p>Try out capa in your next malware analysis. The tool is extremely easy to use and can provide valuable information for forensic analysts, incident responders, and reverse engineers. 
If you enjoy the tool, run into issues using it, or have any other comments, please <a href="https://github.com/mandiant/capa/" rel="noopener" target="_blank">contact us via the projects GitHub page</a>.</p></span></section></div></div></div></div></div></article></div></div></c-wiz>
Biowissenschaften","/blog/de/topics/healthcare-life-sciences"],["Lieferkette und Logistik","/blog/de/topics/lieferkette-und-logistik"],["Medien und Unterhaltung","/blog/de/products/media-entertainment"],["Telekommunikation","/blog/de/topics/telecommunications"]]]],["Entwickler*innen \u0026 Fachkräfte","/blog/de/topics/developers-practitioners"],["Google Cloud Next \u0026 Events","/blog/de/topics/events"],["Google Maps Platform","/blog/de/products/maps-platform"],["Google Workspace","https://workspace.google.com/blog/de"],["Inside Google Cloud","/blog/de/topics/inside-google-cloud"],["Kunden","/blog/de/topics/kunden"],["Partner","/blog/de/topics/partners"],["Start-ups und KMU","/blog/de/topics/startups"],["Training und Zertifizierung","/blog/de/topics/training-certifications"]]]],["Transformation mit Google Cloud","/transform/de"]]]],["en",[[["Solutions \u0026 technology",null,[[["AI \u0026 Machine Learning","/blog/products/ai-machine-learning"],["API Management","/blog/products/api-management"],["Application Development","/blog/products/application-development"],["Application Modernization","/blog/products/application-modernization"],["Chrome Enterprise","/blog/products/chrome-enterprise"],["Compute","/blog/products/compute"],["Containers \u0026 Kubernetes","/blog/products/containers-kubernetes"],["Data Analytics","/blog/products/data-analytics"],["Databases","/blog/products/databases"],["DevOps \u0026 SRE","/blog/products/devops-sre"],["Maps \u0026 Geospatial","/blog/topics/maps-geospatial"],["Security",null,[[["Security \u0026 Identity","/blog/products/identity-security"],["Threat Intelligence","/blog/topics/threat-intelligence"]]]],["Infrastructure","/blog/products/infrastructure"],["Infrastructure Modernization","/blog/products/infrastructure-modernization"],["Networking","/blog/products/networking"],["Productivity \u0026 Collaboration","/blog/products/productivity-collaboration"],["SAP on Google Cloud","/blog/products/sap-google-cloud"],["Storage \u0026 Data 
Transfer","/blog/products/storage-data-transfer"],["Sustainability","/blog/topics/sustainability"]]]],["Ecosystem",null,[[["IT Leaders","/transform"],["Industries",null,[[["Financial Services","/blog/topics/financial-services"],["Healthcare \u0026 Life Sciences","/blog/topics/healthcare-life-sciences"],["Manufacturing","/blog/topics/manufacturing"],["Media \u0026 Entertainment","/blog/products/media-entertainment"],["Public Sector","/blog/topics/public-sector"],["Retail","/blog/topics/retail"],["Supply Chain","/blog/topics/supply-chain-logistics"],["Telecommunications","/blog/topics/telecommunications"]]]],["Partners","/blog/topics/partners"],["Startups \u0026 SMB","/blog/topics/startups"],["Training \u0026 Certifications","/blog/topics/training-certifications"],["Inside Google Cloud","/blog/topics/inside-google-cloud"],["Google Cloud Next \u0026 Events","/blog/topics/google-cloud-next"],["Google Maps Platform","https://mapsplatform.google.com/resources/blog/"],["Google Workspace","https://workspace.google.com/blog"]]]],["Developers \u0026 Practitioners","/blog/topics/developers-practitioners"],["Transform with Google Cloud","/transform"]]]],["fr",[[["Les tendances","/blog/fr/topics/les-tendances/quelles-sont-les-nouveautes-de-google-cloud"],["Solutions et Technologie",null,[[["Analyse de données","/blog/fr/products/analyse-de-donnees/"],["Bases de données","/blog/fr/products/databases"],["Calcul","/blog/fr/products/calcul/"],["Chrome Entreprise","/blog/fr/products/chrome-enterprise/"],["Conteneurs et Kubernetes","/blog/fr/products/conteneurs-et-kubernetes/"],["Développement d'Applications","/blog/fr/products/application-development"],["Développement durable","/blog/fr/topics/developpement-durable"],["DevOps et ingénierie SRE","/blog/fr/products/devops-sre"],["Gestion des API","/blog/fr/products/api-management"],["IA et Machine Learning","/blog/fr/products/ai-machine-learning"],["Infrastructure","/blog/fr/products/infrastructure"],["Maps et 
Géospatial","/blog/fr/topics/maps-geospatial"],["Modernisation d'Applications","/blog/fr/products/modernisation-dapplications/"],["Modernisation d'Infrastructure","/blog/fr/products/modernisation-dinfrastructure/"],["Networking","/blog/fr/products/networking"],["Productivité et Collaboration","/blog/fr/products/productivite-et-collaboration"],["SAP sur Google Cloud","/blog/fr/products/sap-google-cloud"],["Sécurité et Identité","/blog/fr/products/identity-security"],["Stockage et transfert de données","/blog/fr/products/storage-data-transfer"]]]],["Écosystème",null,[[["Responsables IT","/transform/fr"],["Industries",null,[[["Commerce","/blog/fr/topics/retail"],["Manufacturing","/blog/fr/topics/manufacturing"],["Médias et Divertissement","/blog/fr/products/media-entertainment"],["Santé","/blog/fr/topics/healthcare-life-sciences"],["Secteur Public","/blog/fr/topics/public-sector"],["Services Financiers","/blog/fr/topics/financial-services"],["Supply Chain","/blog/fr/topics/supply-chain/"],["Telecommunications","/blog/fr/topics/telecommunications"]]]],["Clients","/blog/fr/topics/clients/"],["Développeurs et professionnels","/blog/fr/topics/developers-practitioners"],["Formations et certifications","/blog/fr/topics/training-certifications"],["Google Cloud Next et Événements","/blog/fr/topics/evenements"],["Google Maps Platform","/blog/fr/products/maps-platform"],["Google Workspace","https://workspace.google.com/blog/fr"],["Inside Google Cloud","/blog/fr/topics/inside-google-cloud"],["Partenaires","/blog/fr/topics/partners"],["Start-ups et PME","/blog/fr/topics/startups"]]]],["Transformer avec Google Cloud","/transform/fr"]]]],["ja",[[["ソリューションとテクノロジー",null,[[["AI \u0026 機械学習","/blog/ja/products/ai-machine-learning"],["API 管理","/blog/ja/products/api-management"],["アプリケーション開発","/blog/ja/products/application-development"],["アプリケーション モダナイゼーション","/blog/ja/products/application-modernization"],["Chrome 
Enterprise","/blog/ja/products/chrome-enterprise"],["コンピューティング","/blog/ja/products/compute"],["Containers \u0026 Kubernetes","/blog/ja/products/containers-kubernetes"],["データ分析","/blog/ja/products/data-analytics"],["データベース","/blog/ja/products/databases"],["DevOps \u0026 SRE","/blog/ja/products/devops-sre"],["Maps \u0026 Geospatial","/blog/ja/products/maps-platform"],["セキュリティ",null,[[["セキュリティ \u0026 アイデンティティ","/blog/ja/products/identity-security"],["脅威インテリジェンス","/blog/ja/topics/threat-intelligence"]]]],["インフラストラクチャ","/blog/ja/products/infrastructure"],["インフラ モダナイゼーション","/blog/ja/products/infrastructure-modernization"],["ネットワーキング","/blog/ja/products/networking"],["生産性とコラボレーション","/blog/ja/products/productivity-collaboration"],["Google Cloud での SAP","/blog/ja/products/sap-google-cloud"],["ストレージとデータ転送","/blog/ja/products/storage-data-transfer"],["サステナビリティ","/blog/ja/topics/sustainability"]]]],["エコシステム",null,[[["ITリーダー","/transform/ja"],["業種",null,[[["金融サービス","/blog/ja/topics/financial-services"],["ヘルスケア、ライフ サイエンス","/blog/ja/topics/healthcare-life-sciences"],["製造","/blog/ja/topics/manufacturing"],["メディア、エンターテイメント","/blog/ja/products/media-entertainment"],["公共部門","/blog/ja/topics/public-sector"],["小売業","/blog/ja/topics/retail"],["サプライ チェーン","/blog/ja/topics/supply-chain-logistics"],["通信","/blog/ja/topics/telecommunications"]]]],["顧客事例","/blog/ja/topics/customers"],["パートナー","/blog/ja/topics/partners"],["スタートアップ \u0026 SMB","/blog/ja/topics/startups"],["トレーニングと認定","/blog/ja/topics/training-certifications"],["Inside Google Cloud","/blog/ja/topics/inside-google-cloud"],["Google Cloud Next と イベント","/blog/ja/topics/google-cloud-next"],["Google Maps Platform","/blog/ja/products/maps-platform"],["Google Workspace","https://workspace.google.com/blog/ja"]]]],["デベロッパー","/blog/ja/topics/developers-practitioners"],["Transform with Google Cloud","/transform/ja"]]]],["ko",[[["솔루션 및 기술",null,[[["AI 및 머신러닝","/blog/ko/products/ai-machine-learning"],["API 
관리","/blog/ko/products/api-management"],["애플리케이션 개발","/blog/ko/products/application-development"],["애플리케이션 현대화","/blog/ko/products/application-modernization"],["Chrome Enterprise","/blog/products/chrome-enterprise"],["컴퓨팅","/blog/ko/products/compute"],["컨테이너 \u0026 Kubernetes","/blog/ko/products/containers-kubernetes"],["데이터 분석","/blog/ko/products/data-analytics"],["데이터베이스","/blog/ko/products/databases"],["DevOps 및 SRE","/blog/ko/products/devops-sre"],["Maps \u0026 Geospatial","/blog/ko/products/maps-platform"],["보안",null,[[["보안 \u0026 아이덴티티","/blog/ko/products/identity-security"],["위협 인텔리전스","/blog/ko/topics/threat-intelligence"]]]],["인프라","/blog/ko/products/infrastructure"],["Infrastructure Modernization","/blog/ko/products/infrastructure-modernization"],["네트워킹","/blog/ko/products/networking"],["생산성 및 공동작업","/blog/ko/products/productivity-collaboration"],["SAP on Google Cloud","/blog/ko/products/sap-google-cloud"],["스토리지 및 데이터 전송","/blog/ko/products/storage-data-transfer"],["지속가능성","/blog/ko/topics/sustainability"]]]],["에코시스템",null,[[["IT Leaders","/transform/ko"],["업종",null,[[["금융 서비스","/blog/ko/topics/financial-services"],["의료 및 생명과학","/blog/ko/topics/healthcare-life-sciences"],["제조업","/blog/ko/topics/manufacturing"],["미디어 및 엔터테인먼트","/blog/ko/products/media-entertainment"],["공공부문","/blog/ko/topics/public-sector"],["소매업","/blog/ko/topics/retail"],["공급망","/blog/topics/supply-chain-logistics"],["통신","/blog/ko/topics/telecommunications"]]]],["고객 사례","/blog/ko/topics/customers"],["파트너","/blog/ko/topics/partners"],["스타트업 \u0026 SMB","/blog/ko/topics/startups"],["교육 \u0026 인증","/blog/ko/topics/training-certifications"],["Inside Google Cloud","/blog/ko/topics/inside-google-cloud"],["Google Cloud Next 및 이벤트","/blog/ko/topics/google-cloud-next"],["Google Maps Platform","/blog/ko/products/maps-platform"],["Google Workspace","https://workspace.google.com/blog/ko"]]]],["개발 및 IT운영","/blog/ko/topics/developers-practitioners"],["Google Cloud와 함께 하는 디지털 
혁신","/transform/ko"]]]]]],'cloud.google.com','https', null , false , null ,[[97442199,1714257,97785988,97863042,93778619,93874004,48554497,1706538,48897392,97684535,97535270,97656899,97863170,97517172,48887082,48830069,97716269,48489819,97442181,97785970,93873986,97684517,97656881,97517154,48887064],null,null,null,null,true],]; window.IJ_valuesCb && window.IJ_valuesCb();</script><script nonce="5qzd77dFE350tcQs3PaJwQ">(function(){'use strict';var c=window,d=[];c.aft_counter=d;var e=[],f=0;function _recordIsAboveFold(a){if(!c._isLazyImage(a)&&!a.hasAttribute("data-noaft")&&a.src){var b=(c._isVisible||function(){})(c.document,a);a.setAttribute("data-atf",b);b&&(e.indexOf(a)!==-1||d.indexOf(a)!==-1||a.complete||d.push(a),a.hasAttribute("data-iml")&&(a=Number(a.getAttribute("data-iml")),a>f&&(f=a)))}} c.initAft=function(){f=0;e=Array.prototype.slice.call(document.getElementsByTagName("img")).filter(function(a){return!!a.getAttribute("data-iml")});[].forEach.call(document.getElementsByTagName("img"),function(a){try{_recordIsAboveFold(a)}catch(b){throw b.message=a.hasAttribute("data-iid")?b.message+"\nrecordIsAboveFold error for defer inlined image":b.message+("\nrecordIsAboveFold error for img element with <src: "+a.src+">"),b;}});if(d.length===0)c.onaft(f)};}).call(this); initAft()</script><script class="ds:0" nonce="5qzd77dFE350tcQs3PaJwQ">AF_initDataCallback({key: 'ds:0', hash: '1', data:[["capa: Automatically Identify Malware Capabilities | Mandiant",null,[1594882800],"https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplif.max-2600x2600.png","https://cloud.google.com/blog/topics/threat-intelligence/capa-automatically-identify-malware-capabilities",[1711401886,668134000]],[["Mandiant "]],[null,"\u003cscript 
type\u003d\"application/ld+json\"\u003e{\"@context\":\"https://schema.org\",\"@type\":\"BlogPosting\",\"@id\":\"https://cloud.google.com/blog/topics/threat-intelligence/capa-automatically-identify-malware-capabilities\",\"headline\":\"capa: Automatically Identify Malware Capabilities | Mandiant\",\"description\":\"\",\"image\":\"https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplif.max-2600x2600.png\",\"author\":[{\"@type\":\"Person\",\"name\":\"Mandiant \",\"url\":\"\"}],\"datePublished\":\"2020-07-16\",\"publisher\":{\"@type\":\"Organization\",\"name\":\"Google Cloud\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https://www.gstatic.com/devrel-devsite/prod/v8bb8fa0afe9a8c3a776ebeb25d421bb443344d789b3607754dfabea418b8c4be/cloud/images/cloud-logo.svg\"}},\"url\":\"https://cloud.google.com/blog/topics/threat-intelligence/capa-automatically-identify-malware-capabilities\",\"keywords\":[\"Threat Intelligence\",\"Security \\u0026 Identity\"],\"timeRequired\":\"PT8M\"}\u003c/script\u003e"],["capa: Automatically Identify Malware Capabilities"],null,null,[[null,null,[null,[null,"\u003cp\u003eWritten by: Willi Ballenthin, Moritz Raabe\u003c/p\u003e\n\u003chr\u003e"]]],[null,null,[null,[null,"\u003cp\u003ecapa is the FLARE team\u2019s newest open-source tool for analyzing malicious programs. Our tool provides a framework for the community to encode, recognize, and share behaviors that we\u2019ve seen in malware. Regardless of your background, when you use capa, you invoke decades of cumulative reverse engineering experience to figure out what a program does. In this post you will learn how capa works, how to install and use the tool, and why you should integrate it into your triage workflow starting today.\u003c/p\u003e\n\u003ch4\u003eProblem\u003c/h4\u003e\n\u003cp\u003eEffective analysts can quickly understand and prioritize unknown files in investigations. 
However, determining if a program is malicious, the role it plays during an attack, and its potential capabilities requires at least basic malware analysis skills. And often, it takes an experienced reverse engineer to recover a file\u2019s complete functionality and guess at the author\u2019s intent.\u003c/p\u003e\n\u003cp\u003eMalware experts can quickly triage unknown binaries to gain first insights and guide further analysis steps. Less experienced analysts, on the other hand, oftentimes don\u2019t know what to look for and have trouble distinguishing the usual from the unusual. Unfortunately, common tools like strings / \u003ca href\u003d\"https://github.com/mandiant/flare-floss/\" rel\u003d\"noopener\" target\u003d\"_blank\"\u003eFLOSS\u003c/a\u003e or PE viewers display the lowest level of detail, burdening their users to combine and interpret data points.\u003c/p\u003e\n\u003ch4\u003eMalware Triage 01-01\u003c/h4\u003e\n\u003cp\u003eTo illustrate this, let us look at \u003ca href\u003d\"https://practicalmalwareanalysis.com/labs/\" rel\u003d\"noopener\" target\u003d\"_blank\"\u003eLab 01-01\u003c/a\u003e from \u003ca href\u003d\"https://nostarch.com/malware\" rel\u003d\"noopener\" target\u003d\"_blank\"\u003ePractical Malware Analysis\u003c/a\u003e (PMA). Our goal is to understand the program\u2019s functionality. 
Figure 1 shows the file\u2019s strings and import table with interesting values highlighted.\u003c/p\u003e"]]],[null,null,null,null,null,null,null,null,[[[null,"\u003cp\u003eFigure 1: Interesting strings and import information of example malware from PMA Lab 1-1\u003c/p\u003e"],["https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto1_awho.max-1000x1000.png",null,null,"https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto1_awho.max-1000x1000.png"],null,3]]],[null,null,[null,[null,"\u003cp\u003eWith this data, reverse engineers can hypothesize about the strings and imported API functions to guess at the program\u2019s functionality\u2014but no more. The sample may create a mutex, start a process, or communicate over the network\u2014potentially to IP address 127.26.152.13. The Winsock (WS2_32) imports make us think about network functionality, but the names are not available here because they are, as is common, imported by ordinal.\u003c/p\u003e\n\u003cp\u003eDynamically analyzing this sample can confirm or disprove initial suspicions and reveal additional functionality. However, sandbox reports or dynamic analysis tools are limited to capturing behavior from the exercised code paths. This, for example, excludes any functionality triggered after a successful connection to the command and control (C2) server. Reaching that code would require letting the sample contact its server, and we don\u2019t usually recommend analyzing malware with a live Internet connection.\u003c/p\u003e\n\u003cp\u003eTo really understand this file, we need to reverse engineer it. Figure 2 shows IDA Pro\u2019s decompilation of the program\u2019s main function. 
While we use the decompilation instead of disassembly to simplify our explanation, similar concepts apply to both representations.\u003c/p\u003e"]]],[null,null,null,null,null,null,null,null,[[[null,"\u003cp\u003eFigure 2: Key functionality in the decompiled main function of PMA Lab 1-1\u003c/p\u003e"],["https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto2_nhkx.max-900x900.png",null,null,"https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto2_nhkx.max-900x900.png"],null,3]]],[null,null,[null,[null,"\u003cp\u003eWith a basic understanding of programming and the Windows API, we observe the following functionality. The malware:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ecreates a mutex to ensure only one instance is running\u003c/li\u003e\n\u003cli\u003ecreates a TCP socket, as indicated by the constants 2 \u003d AF_INET, 1 \u003d SOCK_STREAM, and 6 \u003d IPPROTO_TCP\u003c/li\u003e\n\u003cli\u003econnects to IP address 127.26.152.13 on port 80\u003c/li\u003e\n\u003cli\u003esends and receives data\u003c/li\u003e\n\u003cli\u003ecompares received data to the strings sleep and exec\u003c/li\u003e\n\u003cli\u003ecreates a new process\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAlthough not every code path may execute on each run, we say that the malware has the capability to execute these behaviors. And, by combining the individual conclusions, we can reason that the malware is a backdoor that can run an arbitrary program specified by a hard-coded C2 server. This high-level conclusion enables us to scope an investigation and decide how to respond to the threat.\u003c/p\u003e\n\u003ch4\u003eAutomating Capability Identification\u003c/h4\u003e\n\u003cp\u003eOf course, malware analysis is rarely this straightforward. The artifacts of intent may be spread through a binary that contains hundreds or thousands of functions. 
Furthermore, reverse engineering has a fairly steep learning curve and requires solid understanding of many low-level concepts such as assembly language and operating system internals.\u003c/p\u003e\n\u003cp\u003eHowever, with enough practice, we can recognize capabilities in programs simply from repetitive patterns of API calls, strings, constants, and other features. With capa, we demonstrate that some of our key analysis conclusions are actually feasible to perform automatically. The tool provides a common yet flexible way to codify expert knowledge and make it available to the entire community. When you run capa, it recognizes features and patterns as a human might, producing high-level conclusions that can drive subsequent investigative steps. For example, when capa recognizes the ability for unencrypted HTTP communication, this might be the hint you need to pivot into proxy logs or other network traces.\u003c/p\u003e\n\u003ch4\u003eIntroducing capa\u003c/h4\u003e\n\u003cp\u003eWhen we run capa against our example program, the tool output in Figure 3 almost speaks for itself. The main table shows all identified capabilities in this sample, with each entry on the left describing a capability. The associated namespace on the right helps to group related capabilities. capa did a fantastic job and described all the program capabilities we\u2019ve discussed in the previous section.\u003c/p\u003e"]]],[null,null,null,null,null,null,null,null,[[[null,"\u003cp\u003eFigure 3: capa analysis of PMA Lab 1-1\u003c/p\u003e"],["https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto3_hgwn.max-1100x1100.png",null,null,"https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto3_hgwn.max-1100x1100.png"],null,3]]],[null,null,[null,[null,"\u003cp\u003eWe find that capa often provides surprisingly good results. That\u2019s why we want capa to always be able to show the evidence used to identify a capability. 
Figure 4 shows capa\u2019s detailed output for the \u201ccreate TCP socket\u201d conclusion. Here, we can inspect the exact locations in the binary where capa found the relevant features. We\u2019ll see the syntax of rules a bit later \u2013 in the meantime, we can surmise that they\u2019re made up of a logic tree combining low level features.\u003c/p\u003e"]]],[null,null,null,null,null,null,null,null,[[[null,"\u003cp\u003eFigure 4: Feature match details for \"create TCP socket\" rule in example malware\u003c/p\u003e"],["https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto4_jqtl.max-700x700.png",null,null,"https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto4_jqtl.max-700x700.png"],null,3]]],[null,null,[null,[null,"\u003ch4\u003eHow capa Works\u003c/h4\u003e\n\u003cp\u003ecapa consists of two main components that algorithmically triage unknown programs. First, a code analysis engine extracts features from files, such as strings, disassembly, and control flow. Second, a logic engine finds combinations of features that are expressed in a common rule format. When the logic engine finds a match, capa reports on the capability described by the rule.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eFeature Extraction\u003c/em\u003e\u003c/p\u003e\n\u003cp\u003eThe code analysis engine extracts low-level features from programs. All the features are consistent with what a human might recognize, such as strings or numbers, and enable capa to explain its work. These features typically fall into two large categories: file features and disassembly features.\u003c/p\u003e\n\u003cp\u003eFile features are extracted from the raw file data and its structure, e.g. the PE file header. This is information that you might notice by scrolling across the entire file. 
Besides the above discussed strings and imported APIs, these include exported function and section names.\u003c/p\u003e\n\u003cp\u003eDisassembly features are extracted from an advanced static analysis of a file \u2013 this means disassembling and reconstructing control flow. Figure 5 shows selected disassembly features including API calls, instruction mnemonics, numbers, and string references.\u003c/p\u003e"]]],[null,null,null,null,null,null,null,null,[[[null,"\u003cp\u003eFigure 5: Examples of file features in a disassembled code segment of PMA Lab 1-1\u003c/p\u003e"],["https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto5_drhb.max-700x700.png",null,null,"https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto5_drhb.max-700x700.png"],null,3]]],[null,null,[null,[null,"\u003cp\u003eBecause the advanced analysis can distinguish between functions and other scopes in a program, capa can apply its logic at an appropriate level of detail. For example, it doesn\u2019t get confused when unrelated APIs are used in different functions since capa rules can specify that they should be matched against each function independently.\u003c/p\u003e\n\u003cp\u003eWe\u2019ve designed capa with flexible and extendable feature extraction in mind. Additional code analysis backends can be integrated easily. Currently, the capa standalone version relies on the \u003ca href\u003d\"https://github.com/vivisect/vivisect\" rel\u003d\"noopener\" target\u003d\"_blank\"\u003evivisect\u003c/a\u003e analysis framework. If you\u2019re using IDA Pro, you can also run capa using the IDAPython backend. Note that sometimes differences among code analysis engines may result in divergent feature sets and hence different results. 
Fortunately, this usually isn\u2019t a serious problem in practice.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003ecapa Rules\u003c/em\u003e\u003c/p\u003e\n\u003cp\u003eA capa rule uses a structured combination of features to describe a capability that may be implemented in a program. If all required features are present, capa concludes that the program contains the capability.\u003c/p\u003e\n\u003cp\u003ecapa rules are YAML documents that contain metadata and a tree of statements to express their logic. Among other things, the rule language supports logical operators and counting. In Figure 6, the \u201ccreate TCP socket\u201d rule says that the numbers 6, 1, and 2, \u003cem\u003eand\u003c/em\u003e calls to either of the API functions socket or WSASocket must be present in the scope of a single basic block. Basic blocks group assembly code at a very low level making them an ideal place to match tightly related code segments. Besides within basic blocks, capa supports matching at the function and the file level. The function scope ties together all features in a disassembled function, while the file scope contains all features across the entire file.\u003c/p\u003e"]]],[null,null,null,null,null,null,null,null,[[[null,"\u003cp\u003eFigure 6: capa rule logic to identify TCP socket creation\u003c/p\u003e"],["https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto6_vsms.max-800x800.png",null,null,"https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto6_vsms.max-800x800.png"],null,3]]],[null,null,[null,[null,"\u003cp\u003eFigure 7 highlights the rule metadata that enables capa to display high-level, meaningful results to its users. The rule name describes the identified capability while the namespace associates it with a technique or analysis category. We already saw the name and namespace in the capability table of capa\u2019s output. The metadata section can also include fields like author or examples. 
We use examples to reference files and offsets where we know a capability to be present, enabling unit testing and validation of every rule. Moreover, capa rules serve as great documentation for behaviors seen in real-world malware, so feel free to keep a copy around as a reference. In a future post we will discuss other meta information, including capa\u2019s support for the ATT\u0026amp;CK and the Malware Behavior Catalog frameworks.\u003c/p\u003e"]]],[null,null,null,null,null,null,null,null,[[[null,"\u003cp\u003eFigure 7: Rule meta information\u003c/p\u003e"],["https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto7_uilk.max-800x800.png",null,null,"https://storage.googleapis.com/gweb-cloudblog-publish/images/capa-auto7_uilk.max-800x800.png"],null,3]]],[null,null,[null,[null,"\u003ch4\u003eInstallation\u003c/h4\u003e\n\u003cp\u003eTo make using capa as easy as possible, we provide \u003ca href\u003d\"https://github.com/mandiant/capa/releases\" rel\u003d\"noopener\" target\u003d\"_blank\"\u003estandalone executables for Windows, Linux, and OSX\u003c/a\u003e. The tool is written in Python and the \u003ca href\u003d\"https://github.com/mandiant/capa\" rel\u003d\"noopener\" target\u003d\"_blank\"\u003esource code is available on our GitHub\u003c/a\u003e. 
Additional and up-to-date \u003ca href\u003d\"https://github.com/mandiant/capa/blob/master/doc/installation.md\" rel\u003d\"noopener\" target\u003d\"_blank\"\u003einstallation instructions\u003c/a\u003e are available in the capa repository.\u003c/p\u003e\n\u003cp\u003eNewer versions of \u003ca href\u003d\"https://cloud.google.com/blog/topics/threat-intelligence/flare-vm-update\" rel\u003d\"noopener\" target\u003d\"_blank\"\u003eFLARE-VM\u003c/a\u003e (available on \u003ca href\u003d\"https://github.com/mandiant/flare-vm\" rel\u003d\"noopener\" target\u003d\"_blank\"\u003eGitHub\u003c/a\u003e) include capa as well.\u003c/p\u003e\n\u003ch4\u003eUsage\u003c/h4\u003e\n\u003cp\u003eTo identify capabilities in a program run capa and specify the input file:\u003c/p\u003e\n\u003cp\u003e$ capa suspicious.exe\u003c/p\u003e\n\u003cp\u003ecapa supports Windows PE files (EXE, DLL, SYS) and shellcode. To run capa on a shellcode file you must explicitly specify the file format and architecture, for example to analyze 32-bit shellcode:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e$ capa -f sc32 shellcode.bin\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eTo obtain detailed information on identified capabilities, capa supports two additional verbosity levels. 
To get the most detailed output on where and why capa matched on rules, use the very verbose option:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e$ capa -vv suspicious.exe\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIf you only want to focus on specific rules, you can use the tag option to filter on fields in the rule meta section:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e$ capa -t \"create TCP socket\" suspicious.exe\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDisplay capa\u2019s help to see all supported options and consult the \u003ca href\u003d\"https://github.com/mandiant/capa/tree/master/doc\" rel\u003d\"noopener\" target\u003d\"_blank\"\u003edocumentation\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e$ capa -h\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eContributing\u003c/h4\u003e\n\u003cp\u003eWe hope that capa brings value to the community and encourage any type of contribution. Your feedback, ideas, and pull requests are very welcome. The \u003ca href\u003d\"https://github.com/mandiant/capa/blob/master/.github/CONTRIBUTING.md\" rel\u003d\"noopener\" target\u003d\"_blank\"\u003econtributing document\u003c/a\u003e is a great starting point.\u003c/p\u003e\n\u003cp\u003eRules are the foundation of capa\u2019s identification algorithm. We want to make it easy and fun to write them. If you have any rule ideas, please open an issue or even better submit a pull request to \u003ca href\u003d\"https://github.com/mandiant/capa-rules\" rel\u003d\"noopener\" target\u003d\"_blank\"\u003ecapa-rules\u003c/a\u003e. This way, everyone can benefit from the collective knowledge of our malware analysis community.\u003c/p\u003e\n\u003cp\u003eTo separate our work and discussions between the capa source code and the supported rules, we use a second GitHub repository for \u003ca href\u003d\"https://github.com/mandiant/capa-rules\" rel\u003d\"noopener\" target\u003d\"_blank\"\u003eall rules that come embedded within capa\u003c/a\u003e. 
The capa main repository embeds the rule repository as a git submodule. Please refer to the rules repository for further details, including the \u003ca href\u003d\"https://github.com/mandiant/capa-rules/blob/master/doc/format.md\" rel\u003d\"noopener\" target\u003d\"_blank\"\u003erule format documentation\u003c/a\u003e.\u003c/p\u003e\n\u003ch4\u003eConclusion\u003c/h4\u003e\n\u003cp\u003eIn this blog post we have introduced the FLARE team\u2019s newest contribution to the malware analysis community. capa is an open-source framework to encode, recognize, and share behaviors seen in malware. We think that the community needs this type of tool to fight back against the volume of malware that we encounter during investigations, hunting, and triage. Regardless of your background, when you use capa, you invoke decades of cumulative experience to figure out what a program does.\u003c/p\u003e\n\u003cp\u003eTry out capa in your next malware analysis. The tool is extremely easy to use and can provide valuable information for forensic analysts, incident responders, and reverse engineers. 
If you enjoy the tool, run into issues using it, or have any other comments, please \u003ca href\u003d\"https://github.com/mandiant/capa/\" rel\u003d\"noopener\" target\u003d\"_blank\"\u003econtact us via the project\u2019s GitHub page\u003c/a\u003e.\u003c/p\u003e"]]]],[["Threat Intelligence","Seeing Through a GLASSBRIDGE: Understanding the Digital Marketing Ecosystem Spreading Pro-PRC Influence Operations","GLASSBRIDGE is an umbrella group of four different companies that operate networks of inauthentic news sites and newswire services.",["https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplifie.max-700x700.png","https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplifie.max-400x400.png 324w, https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplifie.max-700x700.png 648w"," 324px, 648px","https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplifie.max-700x700.png"],null,6,null,"https://cloud.google.com/blog/topics/threat-intelligence/glassbridge-pro-prc-influence-operations",null,1,[["Google Threat Intelligence Group "]],null,"55620"],["Threat Intelligence","Empowering Gemini for Malware Analysis with Code Interpreter and Google Threat Intelligence","When used for malware analysis, Gemini now has capabilities to address obfuscation, and obtain insights on IOCs.",["https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplifie.max-700x700.png","https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplifie.max-400x400.png 324w, https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplifie.max-700x700.png 648w"," 324px, 
648px","https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplifie.max-700x700.png"],null,6,null,"https://cloud.google.com/blog/topics/threat-intelligence/gemini-malware-analysis-code-interpreter-threat-intelligence",null,1,[["Bernardo Quintero"],["Andr\u00e9s Ram\u00edrez"]],null,"55597"],["Threat Intelligence","Pirates in the Data Sea: AI Enhancing Your Adversarial Emulation","Learn how Mandiant Red Team is using Gemini and LLMs for adversarial emulation and defense.",["https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplifie.max-700x700.png","https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplifie.max-400x400.png 324w, https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplifie.max-700x700.png 648w"," 324px, 648px","https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplifie.max-700x700.png"],null,25,null,"https://cloud.google.com/blog/topics/threat-intelligence/ai-enhancing-your-adversarial-emulation",null,1,[["Mandiant "]],null,"55578"],["Threat Intelligence","Emerging Threats: Cybersecurity Forecast 2025","The Cybersecurity Forecast 2025 is here to arm security professionals with knowledge about the year ahead.",["https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplifie.max-700x700.png","https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplifie.max-400x400.png 324w, https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplifie.max-700x700.png 648w"," 324px, 
648px","https://storage.googleapis.com/gweb-cloudblog-publish/images/threat-intelligence-default-banner-simplifie.max-700x700.png"],null,3,null,"https://cloud.google.com/blog/topics/threat-intelligence/cybersecurity-forecast-2025",null,1,[["Adam Greenberg","Content Marketing Manager, Mandiant"]],null,"55565"]],null,"Threat Intelligence",null,[["Threat Intelligence","https://cloud.google.com/blog/topics/threat-intelligence","threat-intelligence"],["Security \u0026 Identity","https://cloud.google.com/blog/products/identity-security","identity-security"]],null,null,8], sideChannel: {}});</script><script id="wiz_jd" nonce="5qzd77dFE350tcQs3PaJwQ">if (window['_wjdc']) {const wjd = {}; window['_wjdc'](wjd); delete window['_wjdc'];}</script><script aria-hidden="true" id="WIZ-footer" nonce="5qzd77dFE350tcQs3PaJwQ">window.wiz_progress&&window.wiz_progress(); window.stopScanForCss&&window.stopScanForCss(); ccTick('bl');</script></body></html>
