Hybrid Analysis Sandbox
Verified
Malware Analysis
Sandbox
Enrichment & Analysis
Overview
The OpenCTI Hybrid Analysis enrichment connector allows automatic enrichment of StixFile, Artifact, URL, Domain, and Hostname observables by submitting them for sandbox analysis. It enriches observables with associated MITRE ATT&CK techniques, extracts contacted domain names and IP addresses, identifies files dropped during detonation, and assigns maliciousness scores. The connector automatically creates relationships between observables and discovered indicators, enhancing threat intelligence with behavioral analysis results and attack patterns mapped to the MITRE framework.