Contributor
Yacine Elhamer

Extending the DRAKVUF Sandbox analytic pipeline


Mentors
Jarosław Jedynak
Organization
The Honeynet Project
Technologies
python, javascript, react, flask, reverse engineering, MITRE ATT&CK
Topics
malware analysis, Threat Intelligence, Full-Stack Development, Sandbox Technologies, TTPs, IoCs
This project aims at enhancing the current DRAKVUF Sandbox by:

- extracting common TTPs and displaying them in accordance with the MITRE ATT&CK framework;
- identifying common malware families and extracting their configuration;
- extracting host- and network-based indicators of compromise (IoCs) using virtual machine introspection (VMI);
- enhancing the analytic pipeline by integrating it with FLARE's capa and floss tools;
- generating STIX objects for the newly extracted information;
- refactoring the Flask backend so that it can serve the output of the added tools;
- extending the React frontend to display all the newly added information.

This will be done by adding new modules to the sandbox's post-processing script and serving their output to the Flask backend by means of MinIO. Then, the Flask backend will be updated accordingly to provide endpoints for fetching the newly added information. Finally, the React frontend will be updated to fetch data from the new version of the backend and to display the information in a concise and informative manner for malware analysts and threat researchers.
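To make the shape of such a post-processing module concrete, the following is an added example and not code from DRAKVUF Sandbox or from this project. It assumes a constructed, simplified JSON-lines event log (the real DRAKVUF plugin output format is not reproduced), an illustrative table that maps a handful of syscalls and registry writes to MITRE ATT&CK technique IDs (the IDs T1055 and T1547.001 are real; which API calls count as evidence for them is this example's own assumption), and emits a STIX 2.1-shaped bundle as plain dictionaries rather than through the `stix2` library. The functions `parse_events`, `extract_ttps`, `extract_iocs`, `to_stix_bundle` and `analyze` are all hypothetical names chosen here.

```python
"""Illustrative sandbox post-processing module: TTPs, IoCs and STIX output.

Added example, not DRAKVUF's own code. The log format, the API-to-technique
mapping and all function names are assumptions made for this illustration.
"""
import json
import ntpath
import re
import uuid
from collections import defaultdict

# Constructed sample log (not real DRAKVUF output): one JSON event per line.
SAMPLE_LOG = r"""
{"plugin": "syscall", "api": "NtCreateFile", "path": "C:\\Users\\Public\\run.exe"}
{"plugin": "syscall", "api": "NtWriteVirtualMemory", "target_pid": 1337}
{"plugin": "syscall", "api": "NtCreateThreadEx", "target_pid": 1337}
{"plugin": "regmon", "api": "NtSetValueKey", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"}
{"plugin": "socketmon", "api": "connect", "host": "update.example.invalid", "port": 443}
"""

# Illustrative evidence table (assumption): API call -> (ATT&CK ID, name).
API_TECHNIQUES = {
    "NtWriteVirtualMemory": ("T1055", "Process Injection"),
    "NtCreateThreadEx": ("T1055", "Process Injection"),
}
# A value written under a Run key is treated as evidence of T1547.001.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)

# Fixed timestamp so the output is deterministic (constructed value).
FIXED_TS = "2023-06-01T00:00:00.000Z"


def parse_events(log_text):
    """Parse the JSON-lines log into a list of event dicts, skipping blanks."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def extract_ttps(events):
    """Map observed events to ATT&CK techniques, keeping the evidencing APIs."""
    ttps = defaultdict(lambda: {"name": "", "evidence": []})
    for ev in events:
        api = ev.get("api", "")
        hit = API_TECHNIQUES.get(api)
        if api == "NtSetValueKey" and RUN_KEY_RE.search(ev.get("key", "")):
            hit = ("T1547.001", "Registry Run Keys / Startup Folder")
        if hit:
            tid, name = hit
            ttps[tid]["name"] = name
            ttps[tid]["evidence"].append(api)
    return dict(ttps)


def extract_iocs(events):
    """Collect host-based (files, registry keys) and network (domains) IoCs."""
    iocs = {"files": set(), "domains": set(), "registry_keys": set()}
    for ev in events:
        if "path" in ev:
            iocs["files"].add(ev["path"])
        if "host" in ev:
            iocs["domains"].add(ev["host"])
        if "key" in ev:
            iocs["registry_keys"].add(ev["key"])
    return {k: sorted(v) for k, v in iocs.items()}


def _stix_id(kind, seed):
    # Deterministic STIX identifier: <type>--<uuid5 of the seed value>.
    return f"{kind}--{uuid.uuid5(uuid.NAMESPACE_URL, seed)}"


def _indicator(seed, pattern):
    return {
        "type": "indicator", "spec_version": "2.1", "id": _stix_id("indicator", seed),
        "created": FIXED_TS, "modified": FIXED_TS, "valid_from": FIXED_TS,
        "pattern_type": "stix", "pattern": pattern,
    }


def to_stix_bundle(ttps, iocs):
    """Build a STIX 2.1-shaped bundle: attack-patterns for TTPs, indicators for IoCs."""
    objects = []
    for tid, info in sorted(ttps.items()):
        objects.append({
            "type": "attack-pattern", "spec_version": "2.1",
            "id": _stix_id("attack-pattern", tid),
            "created": FIXED_TS, "modified": FIXED_TS, "name": info["name"],
            "external_references": [{"source_name": "mitre-attack", "external_id": tid}],
        })
    for domain in iocs["domains"]:
        objects.append(_indicator(domain, f"[domain-name:value = '{domain}']"))
    for path in iocs["files"]:
        objects.append(_indicator(path, f"[file:name = '{ntpath.basename(path)}']"))
    for key in iocs["registry_keys"]:
        # Backslashes must be escaped inside STIX pattern string literals.
        escaped = key.replace("\\", "\\\\")
        objects.append(_indicator(key, f"[windows-registry-key:key = '{escaped}']"))
    return {"type": "bundle", "id": _stix_id("bundle", "sample"), "objects": objects}


def analyze(log_text):
    """Full pipeline step: log -> TTPs + IoCs -> STIX bundle (what a backend would store)."""
    events = parse_events(log_text)
    return to_stix_bundle(extract_ttps(events), extract_iocs(events))


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_LOG), indent=2))
```

In the architecture described above, the bundle returned by `analyze` is what a post-processing module would write to MinIO for the Flask backend to serve; the frontend only needs the `external_id` values and indicator patterns to render an ATT&CK-style view and an IoC table.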