Creating tests

This part of the documentation will explain the required fields and the tests that are possible.

Each test file needs to have exactly two keys at its root; the ‘test_info’ and the ‘tests’ key.

The ‘test_info’ key contains a dictionary of information about this test and information needed to run this test. The ‘tests’ key is a dictionary that contains the actual tests.

Ok! Let’s get started:

1. Open a new file.
2. Add the JSON dictionaries stated in the example.
3. Think of a name for your test. For what malware sample is this test? Use that as a name for the test.
4. Save your new file in the tests directory of Cuckoo-unittest with a .json extension.

Example: the filename is Cryptolocker-test.json

    {
            "test_info": {
            },
            "tests": {
            }
    }

• test_info keys
  • test_name
  • sample_filename
  • sample_sha1
  • sample_sha256
  • sample_url
  • cuckoo_options
• Adding tests
  • tests
    • check_md5
    • check_sha1
    • check_sha256
    • check_sha512
    • check_expected_api_calls
    • check_expected_regkeys_opened
    • check_expected_regkeys_read
    • check_expected_regkeys_written
    • check_expected_regkeys_deleted
    • check_expected_mutexes_created
    • check_expected_ips_connected
    • check_expected_hosts_connected
    • check_expected_processes
    • check_expected_dll_loaded
    • check_expected_monitor_log_lines