Open yelhamer opened 1 year ago
I just wanted to let you know that I finally found some time to release the PoC code of dynmx as open source. You can find the code in the dynmx repository.
The tool is able to parse CAPE sandbox reports and to store the parsed data in an object-oriented data model. It may include some code that could also be helpful for this project. The tool is also able to extract OS resources such as accessed files, registry keys and network resources from CAPE sandbox reports.
Point 1 (making the extractor more modular) has been addressed by adding a pydantic model for the CAPE extractor (#1729). It would be nice to do the same for future sandbox feature extractors as well.
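As an added illustration of what the two comments above describe (parsing a CAPE report into a typed, object-oriented model and pulling accessed files, registry keys and network resources out of it), here is a small example written for this page. It is not dynmx code and not the capa CAPE extractor or its pydantic model; it uses stdlib dataclasses so it runs without extra dependencies. The report layout it reads (`behavior.summary.files`/`keys`/`mutexes`, `behavior.processes[].calls[]` with `api`, `category`, `arguments` and `return`, `network.domains`/`hosts`) is the subset of the CAPE JSON shape assumed here, and the report itself is constructed for the example, not a real sandbox run.

```python
"""Added example: a minimal typed model for a CAPE-style sandbox report.

Illustrative code written for this page, not dynmx or capa code. The JSON
layout read below is the subset of the CAPE report shape assumed here; the
sample report is constructed, not taken from a real sandbox run.
"""
import json
from dataclasses import dataclass, field
from typing import Any

# Constructed sample report: only the sections the model below reads are present.
SAMPLE_REPORT = json.dumps({
    "info": {"id": 1, "category": "file"},
    "behavior": {
        "summary": {
            "files": ["C:\\Users\\user\\AppData\\Roaming\\svc.exe", "C:\\Windows\\Temp\\a.tmp"],
            "keys": ["HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"],
            "mutexes": ["Global\\example_mutex"],
        },
        "processes": [{
            "process_id": 1234,
            "process_name": "sample.exe",
            "calls": [
                {"api": "CreateFileW", "category": "filesystem", "return": "0x1c",
                 "arguments": [{"name": "FileName",
                                "value": "C:\\Users\\user\\AppData\\Roaming\\svc.exe"}]},
                {"api": "RegSetValueExW", "category": "registry", "return": "0x0",
                 "arguments": [{"name": "FullName",
                                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"}]},
                {"api": "InternetOpenUrlA", "category": "network", "return": "0x20",
                 "arguments": [{"name": "URL", "value": "http://example.invalid/update.bin"}]},
            ],
        }],
    },
    "network": {
        "domains": [{"domain": "example.invalid", "ip": "203.0.113.10"}],
        "hosts": ["203.0.113.10"],
    },
})


@dataclass
class ApiCall:
    api: str
    category: str
    arguments: dict[str, str]   # argument name -> value, flattened from CAPE's list of dicts
    return_value: str


@dataclass
class Process:
    pid: int
    name: str
    calls: list[ApiCall] = field(default_factory=list)


@dataclass
class Report:
    files: list[str]
    registry_keys: list[str]
    mutexes: list[str]
    domains: list[str]
    hosts: list[str]
    processes: list[Process]


def parse_report(text: str) -> Report:
    """Parse a CAPE-style JSON report into the typed model; missing sections become empty."""
    raw: dict[str, Any] = json.loads(text)
    behavior = raw.get("behavior", {})
    summary = behavior.get("summary", {})
    network = raw.get("network", {})
    processes = []
    for p in behavior.get("processes", []):
        calls = [
            ApiCall(
                api=c.get("api", ""),
                category=c.get("category", ""),
                arguments={a["name"]: str(a.get("value", ""))
                           for a in c.get("arguments", []) if "name" in a},
                return_value=str(c.get("return", "")),
            )
            for c in p.get("calls", [])
        ]
        processes.append(Process(pid=int(p.get("process_id", 0)),
                                 name=p.get("process_name", ""), calls=calls))
    return Report(
        files=list(summary.get("files", [])),
        registry_keys=list(summary.get("keys", [])),
        mutexes=list(summary.get("mutexes", [])),
        domains=[d["domain"] for d in network.get("domains", []) if "domain" in d],
        hosts=list(network.get("hosts", [])),
        processes=processes,
    )


def os_resources(report: Report) -> dict[str, set[str]]:
    """OS resources touched: the summary lists plus anything named in API-call arguments."""
    res = {"files": set(report.files), "registry": set(report.registry_keys),
           "network": set(report.domains) | set(report.hosts)}
    for proc in report.processes:
        for call in proc.calls:
            for name, value in call.arguments.items():
                if call.category == "filesystem" and name == "FileName":
                    res["files"].add(value)
                elif call.category == "registry" and name == "FullName":
                    res["registry"].add(value)
                elif call.category == "network" and name == "URL":
                    res["network"].add(value)
    return res


def apis_called(report: Report) -> list[str]:
    """Ordered API names across all processes, the raw material for API-call features."""
    return [c.api for p in report.processes for c in p.calls]
```

Keeping the model tolerant of absent sections (every `.get` defaults to empty) matters in practice: CAPE reports for samples that crash early or never reach the network lack whole subtrees, and an extractor that indexes them directly fails on exactly the runs you still want features from.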
This issue will serve to keep track of enhancements to be added to the CAPE extractor after basic functionality is achieved.
For the time being, the following features are queued: