This software converts, extracts, and transforms malware behavior data from "Malware Configuration And Payload Extraction" (CAPEv2) sandbox reports into Structured Threat Information eXpression (STIX). The resulting STIX can be analyzed further, shared as threat data, and transferred to a graph database.
MITRE has deprecated some Techniques, so they no longer exist in the STIX we're pulling from. CAPEv2 still recognizes them, however, so we may need to auto-adjust those T#### IDs to a valid replacement.
See https://attack.mitre.org/techniques/T1320/
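One way the auto-adjustment could work, as an added sketch that is not this project's code: look each T-number up in the ATT&CK STIX bundle, follow `revoked-by` relationships to a replacement, and flag IDs that are deprecated or missing so they can be mapped by hand. The bundle, the T9xxx IDs, and the function names are constructed for illustration; `revoked`, `x_mitre_deprecated`, and `revoked-by` are the markers ATT&CK's STIX data uses.

```python
# Constructed miniature ATT&CK-style bundle; the T9xxx IDs and STIX ids are made up.
def _ap(stix_id, tid, **flags):
    return {"type": "attack-pattern", "id": stix_id, **flags,
            "external_references": [{"source_name": "mitre-attack", "external_id": tid}]}

SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    _ap("attack-pattern--a", "T9001"),
    _ap("attack-pattern--b", "T9002", revoked=True),
    _ap("attack-pattern--c", "T9003", x_mitre_deprecated=True),
    {"type": "relationship", "relationship_type": "revoked-by",
     "source_ref": "attack-pattern--b", "target_ref": "attack-pattern--a"},
]}

def attack_id(obj):
    """Return the ATT&CK T-number stored in external_references, if any."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def build_index(bundle):
    """Index techniques by T-number and STIX id, plus revoked-by edges."""
    by_tid, by_stix, revoked_by = {}, {}, {}
    for obj in bundle.get("objects", []):
        if obj.get("type") == "attack-pattern":
            by_stix[obj["id"]] = obj
            if attack_id(obj):
                by_tid[attack_id(obj)] = obj
        elif obj.get("relationship_type") == "revoked-by":
            revoked_by[obj["source_ref"]] = obj["target_ref"]
    return by_tid, by_stix, revoked_by

def resolve_technique(tid, index):
    """Map a T-number from a report to (usable T-number or None, status)."""
    by_tid, by_stix, revoked_by = index
    obj, status, seen = by_tid.get(tid), "current", set()
    # Follow revoked-by edges to the replacement, guarding against cycles.
    while obj and obj.get("revoked") and obj["id"] in revoked_by and obj["id"] not in seen:
        seen.add(obj["id"])
        obj, status = by_stix.get(revoked_by[obj["id"]]), "replaced"
    if obj is None:
        return None, "unknown"      # absent from the bundle: needs a manual mapping
    if obj.get("revoked") or obj.get("x_mitre_deprecated"):
        return None, "deprecated"   # present but retired with no replacement edge
    return attack_id(obj), status

if __name__ == "__main__":
    idx = build_index(SAMPLE_BUNDLE)
    for t in ("T9001", "T9002", "T9003", "T1320"):
        print(t, resolve_technique(t, idx))
```

IDs that come back as `deprecated` or `unknown` have no machine-readable successor in the bundle, so they need a hand-maintained replacement table or should be dropped from the STIX output.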