Get all software/malware used in a specific campaign.
Args:
campaign_stix_id: Campaign STIX UUID identifier (e.g., 'campaign--UUID').
domain: ATT&CK domain ('enterprise', 'mobile', 'ics').
include_description: Whether to include software descriptions.
Returns:
{
"campaign": {
"attack_id": "CXXXX" | null,
"name": "<campaign name or null>",
"stix_id": "<campaign--UUID>",
"description": "<text or null>",
} | null,
"count": <number of software objects>,
"software": [
{
"attack_id": "SXXXX or similar" | null,
"name": "<software name>",
"stix_id": "<malware--UUID or tool--UUID>",
"type": "<malware|tool|...> or null",
"aliases": ["...", "..."],
"description": "<text or null>",
"relationships": [
{
"stix_id": "<relationship--UUID>",
"relationship_type": "<type>",
"description": "<relationship description or null>",
"source_ref": "<source STIX ID>",
"target_ref": "<target STIX ID>",
},
...
]
},
...
],
"formatted": "<human-readable list of software>",
"message": "<status summary>"
}