{
  "attributes": {
    "analysis_definition_version": {
      "description": "The version of the analysis definitions used by the analysis tool.",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "analysis_engine_version": {
      "description": "The version of the analysis engine or product that was used to perform the analysis.",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "configuration_version": {
      "description": "The named configuration of additional product configuration parameters for this analysis run.",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "end_time": {
      "description": "The date and time that the malware analysis ended.",
      "misp-attribute": "datetime",
      "ui-priority": 0
    },
    "module": {
      "description": "The specific analysis module that was used and configured in the product during this analysis run.",
      "misp-attribute": "text",
      "multiple": true,
      "ui-priority": 0
    },
    "product": {
      "description": "The name of the analysis engine or product that was used.",
      "misp-attribute": "text",
      "ui-priority": 1
    },
    "result": {
      "description": "The classification result as determined by the scanner or tool analysis process.",
      "disable_correlation": true,
      "misp-attribute": "text",
      "sane_default": [
        "benign",
        "malicious",
        "suspicious",
        "unknown"
      ],
      "ui-priority": 0
    },
    "result_name": {
      "description": "The classification result or name assigned to the malware instance by the scanner tool.",
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "start_time": {
      "description": "The date and time that the malware analysis was initiated.",
      "misp-attribute": "datetime",
      "ui-priority": 0
    },
    "submitted_time": {
      "description": "The date and time that the malware was first submitted for scanning or analysis.",
      "misp-attribute": "datetime",
      "ui-priority": 0
    },
    "version": {
      "description": "The version of the analysis product that was used to perform the analysis.",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 0
    }
  },
  "description": "Malware Analysis captures the metadata and results of a particular static or dynamic analysis performed on a malware instance or family.",
  "meta-category": "misc",
  "name": "malware-analysis",
  "required": [
    "product"
  ],
  "uuid": "8229ee82-7218-4ff5-9eac-57961a6f0288",
  "version": 1
}