File Coverage

blib/lib/STIX/Common/OpenVocabulary.pm

Criterion	Covered	Total	%
statement	74	74	100.0
branch			n/a
condition			n/a
subroutine	25	25	100.0
pod			n/a
total	99	99	100.0

line	stmt	sub	time	code
1				package STIX::Common::OpenVocabulary;
2
3	25	25	512	use 5.010001;
	25		247
4	25	25	179	use strict;
	25		64
	25		951
5	25	25	247	use warnings;
	25		65
	25		1519
6	25	25	228	use utf8;
	25		54
	25		153
7
8	25		3411	use constant ACCOUNT_TYPE => (
9				'facebook', 'ldap', 'nis', 'openid', 'radius', 'skype',
10				'tacacs', 'twitter', 'unix', 'windows-local', 'windows-domain'
11	25	25	2036	);
	25		69
12
13	25		2094	use constant ATTACK_MOTIVATION => (
14				'accidental', 'coercion', 'dominance', 'ideology',
15				'notoriety', 'organizational-gain', 'personal-gain', 'personal-satisfaction',
16				'revenge', 'unpredictable'
17	25	25	196	);
	25		63
18
19	25	25	163	use constant ATTACK_RESOURCE_LEVEL => ('individual', 'club', 'contest', 'team', 'organization', 'government');
	25		47
	25		2056
20
21	25	25	170	use constant GROUPING_CONTEXT => ('suspicious-activity', 'malware-analysis', 'unspecified');
	25		52
	25		2021
22
23	25	25	192	use constant IDENTITY_CLASS => ('individual', 'group', 'system', 'organization', 'class', 'unknown');
	25		66
	25		2394
24
25	25		2982	use constant INFRASTRUCTURE_TYPE => (
26				'amplification', 'anonymization', 'botnet', 'command-and-control',
27				'exfiltration', 'hosting-malware', 'hosting-target-lists', 'phishing',
28				'reconnaissance', 'staging', 'unknown'
29	25	25	169	);
	25		87
30
31	25		2362	use constant IMPLEMENTATION_LANGUAGE => (
32				'applescript', 'bash', 'c', 'c++', 'c#', 'go',
33				'java', 'javascript', 'lua', 'objective-c', 'perl', 'php',
34				'powershell', 'python', 'ruby', 'scala', 'swift', 'typescript',
35				'visual-basic', 'x86-32', 'x86-64'
36	25	25	189	);
	25		51
37
38	25		3209	use constant INDICATOR_TYPE =>
39	25	25	153	('anomalous-activity', 'anonymization', 'benign', 'compromised', 'malicious-activity', 'attribution', 'unknown');
	25		66
40
41	25		2426	use constant INDUSTRY_SECTOR => (
42				'agriculture', 'aerospace', 'automotive', 'chemical',
43				'commercial', 'communications', 'construction', 'defense',
44				'education', 'energy', 'entertainment', 'financial-services',
45				'government', 'emergency-services', 'government-local', 'government-national',
46				'government-public-services', 'government-regional', 'healthcare', 'hospitality-leisure',
47				'infrastructure', 'dams', 'nuclear', 'water',
48				'insurance', 'manufacturing', 'mining', 'non-profit',
49				'pharmaceuticals', 'retail', 'technology', 'telecommunications',
50				'transportation', 'utilities'
51	25	25	158	);
	25		76
52
53	25	25	172	use constant MALWARE_RESULT => ('malicious', 'suspicious', 'benign', 'unknown');
	25		48
	25		3630
54
55	25		3647	use constant MALWARE_CAPABILITIES => (
56				'accesses-remote-machines', 'anti-debugging',
57				'anti-disassembly', 'anti-emulation',
58				'anti-memory-forensics', 'anti-sandbox',
59				'anti-vm', 'captures-input-peripherals',
60				'captures-output-peripherals', 'captures-system-state-data',
61				'cleans-traces-of-infection', 'commits-fraud',
62				'communicates-with-c2', 'compromises-data-availability',
63				'compromises-data-integrity', 'compromises-system-availability',
64				'controls-local-machine', 'degrades-security-software',
65				'degrades-system-updates', 'determines-c2-server',
66				'emails-spam', 'escalates-privileges',
67				'evades-av', 'exfiltrates-data',
68				'fingerprints-host', 'hides-artifacts',
69				'hides-executing-code', 'infects-files',
70				'infects-remote-machines', 'installs-other-components',
71				'persists-after-system-reboot', 'prevents-artifact-access',
72				'prevents-artifact-deletion', 'probes-network-environment',
73				'self-modifies', 'steals-authentication-credentials',
74				'violates-system-operational-integrity'
75	25	25	209	);
	25		47
76
77	25		3476	use constant MALWARE_TYPE => (
78				'adware', 'backdoor', 'bot', 'bootkit',
79				'ddos', 'downloader', 'dropper', 'exploit-kit',
80				'keylogger', 'ransomware', 'remote-access-trojan', 'resource-exploitation',
81				'rogue-security-software', 'rootkit', 'screen-capture', 'spyware',
82				'trojan', 'unknown', 'virus', 'webshell',
83				'wiper', 'worm'
84	25	25	167	);
	25		68
85
86	25	25	193	use constant PATTERN_TYPE => ('stix', 'pcre', 'sigma', 'snort', 'suricata', 'yara');
	25		51
	25		2028
87
88	25	25	158	use constant PROCESSOR_ARCHITECTURE => ('alpha', 'arm', 'ia-64', 'mips', 'powerpc', 'sparc', 'x86', 'x86-64');
	25		67
	25		3346
89
90	25		4497	use constant REGION => (
91				'africa', 'eastern-africa', 'middle-africa', 'northern-africa',
92				'southern-africa', 'western-africa', 'americas', 'caribbean',
93				'central-america', 'latin-america-caribbean', 'northern-america', 'south-america',
94				'asia', 'central-asia', 'eastern-asia', 'southern-asia',
95				'south-eastern-asia', 'western-asia', 'europe', 'eastern-europe',
96				'northern-europe', 'southern-europe', 'western-europe', 'oceania',
97				'antarctica', 'australia-new-zealand', 'melanesia', 'micronesia',
98				'polynesia'
99	25	25	160	);
	25		55
100
101	25		2519	use constant REPORT_TYPE => (
102				'attack-pattern', 'campaign', 'identity', 'indicator', 'intrusion-set', 'malware',
103				'observed-data', 'threat-actor', 'threat-report', 'tool', 'vulnerability'
104	25	25	177	);
	25		76
105
106	25		2222	use constant THREAT_ACTOR_TYPE => (
107				'activist', 'competitor', 'crime-syndicate', 'criminal',
108				'hacker', 'insider-accidental', 'insider-disgruntled', 'nation-state',
109				'sensationalist', 'spy', 'terrorist', 'unknown'
110	25	25	166	);
	25		53
111
112	25		2118	use constant THREAT_ACTOR_ROLE => (
113				'agent', 'director', 'independent', 'infrastructure-architect',
114				'infrastructure-operator', 'malware-author', 'sponsor'
115	25	25	210	);
	25		61
116
117	25		2252	use constant THREAT_ACTOR_SOPHISTICATION =>
118	25	25	158	('none', 'minimal', 'intermediate', 'advanced', 'expert', 'innovator', 'strategic');
	25		68
119
120	25		1651	use constant TOOL_TYPE => (
121				'denial-of-service', 'exploitation', 'information-gathering', 'network-capture',
122				'credential-exploitation', 'remote-access', 'vulnerability-scanning', 'unknown'
123	25	25	226	);
	25		58
124
125	25	25	156	use constant WINDOWS_PEBINARY_TYPE => ('dll', 'exe', 'sys');
	25		66
	25		2257
126
127				1;
128
129				=encoding utf-8
130
131				=head1 NAME
132
133				STIX::Common::OpenVocabulary - Open Vocabulary for STIX Objects
134
135				=head1 DESCRIPTION
136
137				L provide a listing of common and industry accepted
138				terms as a guide to the user but do not limit the user to that defined list.
139
140				=head2 CONSTANTS
141
142				=over
143
144				=item ACCOUNT_TYPE
145
146				=item ATTACK_MOTIVATION
147
148				=item ATTACK_RESOURCE_LEVEL
149
150				=item GROUPING_CONTEXT
151
152				=item IDENTITY_CLASS
153
154				=item IMPLEMENTATION_LANGUAGE
155
156				=item INDICATOR_TYPE
157
158				=item INDUSTRY_SECTOR
159
160				=item INFRASTRUCTURE_TYPE
161
162				=item MALWARE_CAPABILITIES
163
164				=item MALWARE_RESULT
165
166				=item MALWARE_TYPE
167
168				=item PATTERN_TYPE
169
170				=item PROCESSOR_ARCHITECTURE
171
172				=item REGION
173
174				=item REPORT_TYPE
175
176				=item THREAT_ACTOR_ROLE
177
178				=item THREAT_ACTOR_SOPHISTICATION
179
180				=item THREAT_ACTOR_TYPE
181
182				=item TOOL_TYPE
183
184				=item WINDOWS_PEBINARY_TYPE
185
186				=back
187
188
189				=head1 SUPPORT
190
191				=head2 Bugs / Feature Requests
192
193				Please report any bugs or feature requests through the issue tracker
194				at L.
195				You will be notified automatically of any progress on your issue.
196
197				=head2 Source Code
198
199				This is open source software. The code repository is available for
200				public review and contribution under the terms of the license.
201
202				L
203
204				git clone https://github.com/giterlizzi/perl-STIX.git
205
206
207				=head1 AUTHOR
208
209				=over 4
210
211				=item * Giuseppe Di Terlizzi
212
213				=back
214
215
216				=head1 LICENSE AND COPYRIGHT
217
218				This software is copyright (c) 2024 by Giuseppe Di Terlizzi.
219
220				This is free software; you can redistribute it and/or modify it under
221				the same terms as the Perl 5 programming language system itself.
222
223				=cut