New capa (identify capabilities in executable files) module with ATT&CK support (S18)

[m-1-k-3]

• What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)

feature

• What is the current behavior? (You can also link to an open issue here)

As we have learned from the paper "ERS0: Enhancing Military Cybersecurity with AI-Driven SBOM for Firmware Vulnerability Detection and Asset Management" (see here) there might be some interest in using capa in EMBA. We are aware that capa is only supporting x86/64 architectures and so it is somehow limited in the firmware field. Nevertheless, if we have a supported architecture the results are quite useful:

The image shows also the links to the ATT&CK framework and to the MBCProject

• Other information:

~Do not merge until we have the docker base image updated!~

[m-1-k-3]

New container (v1.4.1e) should be available for testing now