File Coverage

blib/lib/STIX/MalwareAnalysis.pm
Criterion Covered Total %
statement 41 41 100.0
branch n/a
condition n/a
subroutine 14 14 100.0
pod n/a
total 55 55 100.0


line stmt bran cond sub pod time code
1             package STIX::MalwareAnalysis;
2              
3 24     24   613 use 5.010001;
  24         106  
4 24     24   157 use strict;
  24         54  
  24         746  
5 24     24   123 use warnings;
  24         49  
  24         1480  
6 24     24   150 use utf8;
  24         94  
  24         190  
7              
8 24     24   837 use STIX::Common::List;
  24         91  
  24         907  
9 24     24   146 use STIX::Common::OpenVocabulary;
  24         76  
  24         757  
10              
11 24     24   137 use Moo;
  24         45  
  24         227  
12              
13 24     24   12109 use Types::Standard qw(Str Enum InstanceOf);
  24         61  
  24         825  
14 24     24   86184 use Types::TypeTiny qw(ArrayLike);
  24         67  
  24         417  
15              
16 24     24   14162 use namespace::autoclean;
  24         62  
  24         557  
17              
# Moo parent class for this STIX object.
extends qw(STIX::Common::Properties);

# Scalar constants describing this object type.
#
# SCHEMA           - URL of the STIX 2.1 JSON schema for malware-analysis.
# STIX_OBJECT      - object family; 'SDO' is a STIX Domain Object.
# STIX_OBJECT_TYPE - the STIX "type" literal for this object.
#
# NOTE(review): SCHEMA is a plain-http URL. This file does not show how it
# is consumed. If the validator ever dereferences it over the network
# instead of treating it as an identifier or resolving it to a local copy,
# the schema could be altered in transit and validation results could no
# longer be trusted -- confirm against the validation code.
use constant {
    SCHEMA =>
        'http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/malware-analysis.json',
    STIX_OBJECT      => 'SDO',
    STIX_OBJECT_TYPE => 'malware-analysis',
};

# Ordered list of property names for this object, in three groups. Only the
# third group is declared with "has" in this file; the first two are
# presumably provided by STIX::Common::Properties -- confirm.
use constant PROPERTIES => (

    # Group 1
    qw(
        type spec_version id created modified
    ),

    # Group 2
    qw(
        created_by_ref revoked labels confidence lang external_references
        object_marking_refs granular_markings extensions
    ),

    # Group 3: properties specific to malware-analysis
    qw(
        product version host_vm_ref operating_system_ref
        installed_software_refs configuration_version modules
        analysis_engine_version analysis_definition_version submitted
        analysis_started analysis_ended result_name result analysis_sco_refs
        sample_ref
    ),
);
31              
# Attribute declarations for the malware-analysis object. All attributes are
# read-write. The isa constraints below are the only input validation visible
# in this file: Str places no limit on length or content, so values taken
# from scanner output or third-party STIX bundles should be treated as
# untrusted text wherever they are later rendered or logged.

# Type constraints and the default builder shared by several attributes.
my $software_type  = InstanceOf ['STIX::Observable::Software'];
my $timestamp_type = InstanceOf ['STIX::Common::Timestamp'];
my $empty_list     = sub { STIX::Common::List->new };

# Coercion for the timestamp attributes: a reference is passed through as-is
# (the isa check then accepts or rejects it); anything else is handed to
# STIX::Common::Timestamp->new.
# NOTE(review): STIX::Common::Timestamp is not loaded by any "use" line in
# this file; presumably it is loaded elsewhere (e.g. by the parent class) --
# confirm.
my $to_timestamp = sub {
    return $_[0] if ref $_[0];
    return STIX::Common::Timestamp->new($_[0]);
};

# "product" is the only attribute marked required, so the constructor dies
# when it is omitted.
has product => (
    is       => 'rw',
    isa      => Str,
    required => 1,
);

has version => (
    is  => 'rw',
    isa => Str,
);

# Analysis environment: host VM and guest operating system.
has [qw(host_vm_ref operating_system_ref)] => (
    is  => 'rw',
    isa => $software_type,
);

# List attributes default to a fresh STIX::Common::List per object.
has installed_software_refs => (
    is      => 'rw',
    isa     => ArrayLike [$software_type],
    default => $empty_list,
);

has configuration_version => (
    is  => 'rw',
    isa => Str,
);

has modules => (
    is      => 'rw',
    isa     => ArrayLike [Str],
    default => $empty_list,
);

has [qw(analysis_engine_version analysis_definition_version)] => (
    is  => 'rw',
    isa => Str,
);

# Timestamps: submission time, analysis start and analysis end.
has [qw(submitted analysis_started analysis_ended)] => (
    is     => 'rw',
    isa    => $timestamp_type,
    coerce => $to_timestamp,
);

has result_name => (
    is  => 'rw',
    isa => Str,
);

# The allowed values are read from STIX::Common::OpenVocabulary once, when
# this statement runs at module load; any other value fails the type check.
has result => (
    is  => 'rw',
    isa => Enum [STIX::Common::OpenVocabulary->MALWARE_RESULT()],
);

has analysis_sco_refs => (
    is      => 'rw',
    isa     => ArrayLike [InstanceOf ['STIX::Observable']],
    default => $empty_list,
);

# InstanceOf with several class names accepts an instance of any of them.
has sample_ref => (
    is  => 'rw',
    isa => InstanceOf [
        'STIX::Observable::File',
        'STIX::Observable::NetworkTraffic',
        'STIX::Observable::Artifact',
    ],
);

1;
77              
78             =encoding utf-8
79              
80             =head1 NAME
81              
82             STIX::MalwareAnalysis - STIX Domain Object (SDO) - Malware Analysis
83              
84             =head1 SYNOPSIS
85              
86             use STIX::MalwareAnalysis;
87              
88             my $malware_analysis = STIX::MalwareAnalysis->new();
89              
90              
91             =head1 DESCRIPTION
92              
93             Malware Analysis captures the metadata and results of a particular analysis
94             performed (static or dynamic) on the malware instance or family.
95              
96              
97             =head2 METHODS
98              
99             L<STIX::MalwareAnalysis> inherits all methods from L<STIX::Common::Properties>
100             and implements the following new ones.
101              
102             =over
103              
104             =item STIX::MalwareAnalysis->new(%properties)
105              
106             Create a new instance of L<STIX::MalwareAnalysis>.
107              
108             =item $malware_analysis->analysis_definition_version
109              
110             The version of the analysis definitions used by the analysis tool.
111              
112             =item $malware_analysis->analysis_ended
113              
114             The date and time that the malware analysis ended.
115              
116             =item $malware_analysis->analysis_engine_version
117              
118             The version of the analysis engine or product that was used to perform this
119             analysis.
120              
121             =item $malware_analysis->analysis_sco_refs
122              
123             The list of STIX objects that were captured during the analysis process.
124              
125             =item $malware_analysis->analysis_started
126              
127             The date and time that the malware analysis was initiated.
128              
129             =item $malware_analysis->configuration_version
130              
131             The version of the analysis product configuration that was used to perform
132             this analysis.
133              
134             =item $malware_analysis->host_vm_ref
135              
136             A description of the virtual machine environment used to host the guest
137             operating system (if applicable) that was used for the dynamic analysis of
138             the malware instance or family.
139              
140             =item $malware_analysis->id
141              
142             =item $malware_analysis->installed_software_refs
143              
144             Any non-standard software installed on the operating system used for the
145             dynamic analysis of the malware instance or family.
146              
147             =item $malware_analysis->modules
148              
149             The particular analysis product modules that were used to perform the
150             analysis.
151              
152             =item $malware_analysis->operating_system_ref
153              
154             The operating system that was used to perform the dynamic analysis.
155              
156             =item $malware_analysis->product
157              
158             The name of the analysis engine or product that was used for this analysis.
159              
160             =item $malware_analysis->result
161              
162             The classification result as determined by the scanner or tool analysis
163             process.
164              
165             =item $malware_analysis->result_name
166              
167             The classification result or name assigned to the malware instance by the
168             scanner tool.
169              
170             =item $malware_analysis->sample_ref
171              
172             Refers to the object this analysis was performed against.
173              
174             =item $malware_analysis->submitted
175              
176             The date and time that this malware was first submitted for scanning or
177             analysis.
178              
179             =item $malware_analysis->type
180              
181             The type of this object, which MUST be the literal C<malware-analysis>.
182              
183             =item $malware_analysis->version
184              
185             The version of the analysis product that was used to perform this analysis.
186              
187             =back
188              
189              
190             =head2 HELPERS
191              
192             =over
193              
194             =item $malware_analysis->TO_JSON
195              
196             Encode the object in JSON.
197              
198             =item $malware_analysis->to_hash
199              
200             Return the object HASH.
201              
202             =item $malware_analysis->to_string
203              
204             Encode the object in JSON.
205              
206             =item $malware_analysis->validate
207              
208             Validate the object using JSON Schema (see L).
209              
210             =back
211              
212              
213             =head1 SUPPORT
214              
215             =head2 Bugs / Feature Requests
216              
217             Please report any bugs or feature requests through the issue tracker
218             at L.
219             You will be notified automatically of any progress on your issue.
220              
221             =head2 Source Code
222              
223             This is open source software. The code repository is available for
224             public review and contribution under the terms of the license.
225              
226             L<https://github.com/giterlizzi/perl-STIX>
227              
228             git clone https://github.com/giterlizzi/perl-STIX.git
229              
230              
231             =head1 AUTHOR
232              
233             =over 4
234              
235             =item * Giuseppe Di Terlizzi
236              
237             =back
238              
239              
240             =head1 LICENSE AND COPYRIGHT
241              
242             This software is copyright (c) 2024 by Giuseppe Di Terlizzi.
243              
244             This is free software; you can redistribute it and/or modify it under
245             the same terms as the Perl 5 programming language system itself.
246              
247             =cut