idaholab / cape2stix

This software allows for the conversion, extraction, and transformation of malware behavior data from "Malware Configuration And Payload Extraction" (CAPEv2) sandbox reports, to Structured Threat Information eXpression (STIX). This allows for further analysis to be performed, sharing of threat data, and transit to a graph database.
BSD 3-Clause "New" or "Revised" License

Registry Autostart #5

Open Fhree99 opened 1 year ago

Fhree99 commented 1 year ago

```cypher
// '\\\\' in a Cypher string is one literal backslash in the regex
MATCH (m:malware)-[n]->(r:`windows-registry-key`
  WHERE r.key =~ '.*CurrentVersion\\\\Run\\\\.*'
     OR r.key =~ '.*CurrentVersion\\\\RunOnce\\\\.*')
RETURN m, r
```
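The same Run / RunOnce check as the query in the comment above, applied directly to a STIX 2.1 bundle before it is loaded into a graph. This is an added example, not code from the issue or from the cape2stix project. It assumes the bundle links each `malware` object to a `windows-registry-key` object through a single relationship object; `autostart_keys`, `make_obj` and `sample_bundle` are hypothetical names, the sample data is constructed, and the pattern goes slightly beyond the query by matching case-insensitively and by matching the Run / RunOnce key itself.

```python
import re

# Run / RunOnce under any hive. IGNORECASE because registry paths are
# case-insensitive; the key itself matches as well as anything below it.
AUTOSTART_RE = re.compile(r".*\\CurrentVersion\\Run(Once)?(\\.*)?", re.IGNORECASE)

def autostart_keys(bundle):
    """Return sorted (malware name, registry key) pairs for malware objects
    joined to a Run/RunOnce key by any relationship, like -[n]-> in the query."""
    objs = {o["id"]: o for o in bundle.get("objects", [])}
    hits = set()
    for rel in objs.values():
        if rel.get("type") != "relationship":
            continue
        src = objs.get(rel.get("source_ref"), {})
        dst = objs.get(rel.get("target_ref"), {})
        if src.get("type") == "malware" and dst.get("type") == "windows-registry-key":
            key = dst.get("key", "")
            if AUTOSTART_RE.fullmatch(key):
                hits.add((src.get("name", src["id"]), key))
    return sorted(hits)

# Constructed sample keys: the first two are autostart locations, the last two are not.
SAMPLE_KEYS = [
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runonce",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runtime",
]

def make_obj(stix_type, n, **props):
    # Constructed STIX ids, not taken from any real report.
    return {"type": stix_type, "id": f"{stix_type}--00000000-0000-4000-8000-{n:012d}", **props}

def sample_bundle():
    mal = make_obj("malware", 1, name="sample.exe", is_family=False)
    keys = [make_obj("windows-registry-key", i + 2, key=k) for i, k in enumerate(SAMPLE_KEYS)]
    rels = [make_obj("relationship", i + 10, relationship_type="related-to",
                     source_ref=mal["id"], target_ref=k["id"]) for i, k in enumerate(keys)]
    return {"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000",
            "objects": [mal, *keys, *rels]}

if __name__ == "__main__":
    for name, key in autostart_keys(sample_bundle()):
        print(name, key)
```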