File Coverage

blib/lib/STIX/Malware.pm

Criterion	Covered	Total	%
statement	41	41	100.0
branch			n/a
condition			n/a
subroutine	14	14	100.0
pod			n/a
total	55	55	100.0

line	stmt	sub	time	code
1				package STIX::Malware;
2
3	24	24	555	use 5.010001;
	24		123
4	24	24	144	use strict;
	24		68
	24		650
5	24	24	113	use warnings;
	24		46
	24		1526
6	24	24	177	use utf8;
	24		47
	24		191
7
8	24	24	1093	use STIX::Common::List;
	24		103
	24		924
9	24	24	187	use STIX::Common::OpenVocabulary;
	24		71
	24		1103
10	24	24	138	use Types::Standard qw(Str Num Enum Bool InstanceOf);
	24		47
	24		304
11	24	24	63095	use Types::TypeTiny qw(ArrayLike);
	24		64
	24		191
12
13	24	24	16623	use Moo;
	24		56
	24		211
14	24	24	11477	use namespace::autoclean;
	24		55
	24		267
15
16				extends 'STIX::Common::Properties';
17
18	24		2781	use constant SCHEMA =>
19	24	24	2847	'http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/malware.json';
	24		59
20
21	24		1978	use constant PROPERTIES => (
22				qw(type spec_version id created modified),
23				qw(created_by_ref revoked labels confidence lang external_references object_marking_refs granular_markings extensions),
24				qw(name description malware_types is_family aliases kill_chain_phases first_seen last_seen operating_system_refs architecture_execution_envs implementation_languages capabilities sample_refs)
25	24	24	167	);
	24		53
26
27	24	24	154	use constant STIX_OBJECT => 'SDO';
	24		43
	24		1183
28	24	24	144	use constant STIX_OBJECT_TYPE => 'malware';
	24		48
	24		14744
29
30				has name => (is => 'rw', isa => Str);
31				has description => (is => 'rw', isa => Str);
32
33				has malware_types => (
34				is => 'rw',
35				isa => ArrayLike [Enum [STIX::Common::OpenVocabulary->MALWARE_TYPE()]],
36				default => sub { STIX::Common::List->new }
37				);
38
39				has is_family => (is => 'rw', isa => Bool, required => 1);
40				has aliases => (is => 'rw', isa => ArrayLike [Str], default => sub { STIX::Common::List->new });
41				has kill_chain_phases => (
42				is => 'rw',
43				isa => ArrayLike [InstanceOf ['STIX::Common::KillChainPhase']],
44				default => sub { STIX::Common::List->new }
45				);
46
47				has first_seen => (
48				is => 'rw',
49				isa => InstanceOf ['STIX::Common::Timestamp'],
50				coerce => sub { ref($_[0]) ? $_[0] : STIX::Common::Timestamp->new($_[0]) },
51				);
52
53				has last_seen => (
54				is => 'rw',
55				isa => InstanceOf ['STIX::Common::Timestamp'],
56				coerce => sub { ref($_[0]) ? $_[0] : STIX::Common::Timestamp->new($_[0]) },
57				);
58
59				has operating_system_refs => (is => 'rw', isa => ArrayLike [Str], default => sub { STIX::Common::List->new });
60
61				has architecture_execution_envs => (
62				is => 'rw',
63				isa => ArrayLike [Enum [STIX::Common::OpenVocabulary->PROCESSOR_ARCHITECTURE()]],
64				default => sub { STIX::Common::List->new }
65				);
66
67				has implementation_languages => (
68				is => 'rw',
69				isa => ArrayLike [Enum [STIX::Common::OpenVocabulary->IMPLEMENTATION_LANGUAGE()]],
70				default => sub { STIX::Common::List->new }
71				);
72
73				has capabilities => (
74				is => 'rw',
75				isa => ArrayLike [Enum [STIX::Common::OpenVocabulary->MALWARE_CAPABILITIES()]],
76				default => sub { STIX::Common::List->new }
77				);
78
79				has sample_refs => (
80				is => 'rw',
81				isa => ArrayLike [InstanceOf ['STIX::Observable', 'STIX::Common::Identifier']],
82				default => sub { STIX::Common::List->new }
83				);
84
85
86				1;
87
88				=encoding utf-8
89
90				=head1 NAME
91
92				STIX::Malware - STIX Domain Object (SDO) - Malware
93
94				=head1 SYNOPSIS
95
96				use STIX::Malware;
97
98				my $malware = STIX::Malware->new();
99
100
101				=head1 DESCRIPTION
102
103				Malware is a type of TTP that is also known as malicious code and malicious
104				software, refers to a program that is inserted into a system, usually
105				covertly, with the intent of compromising the confidentiality, integrity,
106				or availability of the victim's data, applications, or operating system
107				(OS) or of otherwise annoying or disrupting the victim.
108
109
110				=head2 METHODS
111
112				L inherits all methods from L
113				and implements the following new ones.
114
115				=over
116
117				=item STIX::Malware->new(%properties)
118
119				Create a new instance of L.
120
121				=item $malware->aliases
122
123				Alternative names used to identify this Malware or Malware family.
124
125				=item $malware->architecture_execution_envs
126
127				The processor architectures (e.g., x86, ARM, etc.) that the malware
128				instance or family is executable on.
129				(See C in L)
130
131				=item $malware->capabilities
132
133				Specifies any capabilities identified for the malware instance or family.
134				(See C in L).
135
136				=item $malware->description
137
138				Provides more context and details about the Malware object.
139
140				=item $malware->first_seen
141
142				The time that the malware instance or family was first seen.
143
144				=item $malware->id
145
146				=item $malware->implementation_languages
147
148				The programming language(s) used to implement the malware instance or
149				family. (See C in L).
150
151				=item $malware->kill_chain_phases
152
153				The list of kill chain phases for which this Malware instance can be used.
154
155				=item $malware->last_seen
156
157				The time that the malware family or malware instance was last seen.
158
159				=item $malware->malware_types
160
161				The type of malware being described.
162				(See C in L)
163
164				=item $malware->name
165
166				The name used to identify the Malware.
167
168				=item $malware->operating_system_refs
169
170				The operating systems that the malware family or malware instance is
171				executable on.
172
173				=item $malware->sample_refs
174
175				The sample_refs property specifies a list of identifiers of the SCO file or
176				artifact objects associated with this malware instance(s) or family.
177
178				=item $malware->type
179
180				The type of this object, which MUST be the literal C.
181
182				=back
183
184
185				=head2 HELPERS
186
187				=over
188
189				=item $malware->TO_JSON
190
191				Encode the object in JSON.
192
193				=item $malware->to_hash
194
195				Return the object HASH.
196
197				=item $malware->to_string
198
199				Encode the object in JSON.
200
201				=item $malware->validate
202
203				Validate the object using JSON Schema (see L).
204
205				=back
206
207
208				=head1 SUPPORT
209
210				=head2 Bugs / Feature Requests
211
212				Please report any bugs or feature requests through the issue tracker
213				at L.
214				You will be notified automatically of any progress on your issue.
215
216				=head2 Source Code
217
218				This is open source software. The code repository is available for
219				public review and contribution under the terms of the license.
220
221				L
222
223				git clone https://github.com/giterlizzi/perl-STIX.git
224
225
226				=head1 AUTHOR
227
228				=over 4
229
230				=item * Giuseppe Di Terlizzi
231
232				=back
233
234
235				=head1 LICENSE AND COPYRIGHT
236
237				This software is copyright (c) 2024 by Giuseppe Di Terlizzi.
238
239				This is free software; you can redistribute it and/or modify it under
240				the same terms as the Perl 5 programming language system itself.
241
242				=cut