This software converts, extracts, and transforms malware behavior data from "Malware Configuration And Payload Extraction" (CAPEv2) sandbox reports into Structured Threat Information eXpression (STIX). The STIX output enables further analysis, sharing of threat data, and loading into a graph database.
[ ] - Files dropped by malware should be in a different category than reads/writes/deletes.
[ ] - System calls aren't terribly important; we would want to encapsulate them inside a dictionary. However, if we get dictionaries that are megabytes in size, we wouldn't want them
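As an added illustration of the conversion (example code, not this project's own), the following Python takes a constructed report fragment shaped like a CAPEv2 JSON report and builds a STIX 2.1 bundle in which dropped files form their own category, separate from reads, writes and deletes, as the first TODO item asks. The report keys used (`target.file`, `behavior.summary.*_files`, `dropped`) are assumed from the CAPEv2 report layout.

```python
import uuid
from datetime import datetime, timezone

# Namespace STIX 2.1 specifies for deterministic observable (SCO) identifiers.
SCO_NS = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")

# Constructed fragment shaped like a CAPEv2 report (the keys target.file,
# behavior.summary.*_files and dropped are assumed); not a real report.
SAMPLE_REPORT = {
    "target": {"file": {"name": "sample.exe", "sha256": "a" * 64}},
    "behavior": {"summary": {
        "read_files": [r"C:\Users\u\Documents\notes.txt"],
        "write_files": [r"C:\Users\u\AppData\Local\Temp\x.tmp"],
        "delete_files": [r"C:\Users\u\Documents\notes.txt"],
    }},
    "dropped": [{"name": "x.tmp", "path": r"C:\Users\u\AppData\Local\Temp\x.tmp", "sha256": "b" * 64}],
}

def file_sco(path, sha256=None):
    """STIX 2.1 file object; the id is derived from the path so repeats dedupe."""
    obj = {"type": "file", "spec_version": "2.1", "id": f"file--{uuid.uuid5(SCO_NS, path)}",
           "name": path.rsplit("\\", 1)[-1], "x_full_path": path}  # x_ = custom property
    if sha256:  # only dropped files come with a hash in the report
        obj["hashes"] = {"SHA-256": sha256}
    return obj

def cape_to_stix(report):
    """Turn the file activity of a CAPE report into a STIX 2.1 bundle: the sample becomes
    a malware SDO, each path a file SCO, and dropped files get a 'drops' relationship."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    malware = {"type": "malware", "spec_version": "2.1", "id": f"malware--{uuid.uuid4()}",
               "created": now, "modified": now, "is_family": False,
               "name": report["target"]["file"]["name"]}
    summary = report.get("behavior", {}).get("summary", {})
    dropped = {d["path"]: d.get("sha256") for d in report.get("dropped", [])}
    # 'drops' is a STIX 2.1 relationship type; reads/writes/deletes are custom types.
    activity = [("reads", p) for p in summary.get("read_files", [])]
    activity += [("writes", p) for p in summary.get("write_files", []) if p not in dropped]
    activity += [("deletes", p) for p in summary.get("delete_files", [])]
    activity += [("drops", p) for p in dropped]
    files, rels = {}, []
    for rel_type, path in activity:
        f = file_sco(path, dropped.get(path))
        files[f["id"]] = f  # same path -> same id, so the SCO is emitted once
        rels.append({"type": "relationship", "spec_version": "2.1",
                     "id": f"relationship--{uuid.uuid4()}", "created": now, "modified": now,
                     "relationship_type": rel_type, "source_ref": malware["id"],
                     "target_ref": f["id"]})
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": [malware, *files.values(), *rels]}
```

A written path that also appears under `dropped` is reported only as `drops`, so the write and the drop are not double-counted when the bundle is loaded into a graph.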