Glossary
Key terminology and concepts in Malbox
Analysis Profile
A configuration set that defines how analysis tasks should be performed, including which plugins to use, VM configurations, network settings, and timeout values.
Analysis Task
A unit of work in Malbox that represents the analysis of a specific sample with a defined profile and configuration.
Ansible
An automation tool used by Malbox to configure virtual machines with necessary analysis tools and settings.
Architecture (CPU)
The CPU architecture targeted by a virtual machine or plugin. Malbox supports x86 and x64 architectures.
Builder
A component in Malbox that creates customized virtual machine images using Packer.
CLI (Command Line Interface)
The command-line tool for interacting with Malbox, providing access to all system functionality.
Communication Channel
An abstraction for message passing between components in Malbox, implemented using iceoryx2 for efficient IPC.
Downloader
A Malbox component that manages downloading and verifying source files like operating system ISOs.
Dynamic Analysis
Analysis performed by executing a sample in a controlled environment and observing its behavior.
Environment
A deployment context in Malbox (development, staging, production) that affects logging, debugging, and other behaviors.
Execution Context
Defines where a plugin executes: on the host system, in a guest VM, or in a hybrid configuration.
Execution Policy
Rules that define how a plugin can execute in relation to other plugins: Exclusive, Sequential, Parallel, or Unrestricted.
Guest
A virtual machine running an analysis task.
Guest Plugin
A plugin that runs inside a virtual machine, typically used for dynamic analysis.
Host
The machine running the Malbox core system.
Host Plugin
A plugin that runs on the host system, typically used for static analysis.
Hybrid Plugin
A plugin with components that run on both the host system and in guest VMs.
Infrastructure
The virtual machines, networks, and storage resources managed by Malbox.
IPC (Inter-Process Communication)
The mechanism through which Malbox components communicate. Malbox uses iceoryx2 for efficient zero-copy IPC.
iceoryx2
A shared memory communication library used by Malbox for efficient, zero-copy inter-process communication.
Machine
A virtual machine managed by Malbox for running dynamic analysis.
Machine Provider
A hypervisor or virtualization platform (KVM, VMware, VirtualBox) used to run virtual machines.
Malware
Malicious software that is the target of analysis in Malbox.
Packer
An infrastructure automation tool used by Malbox to create customized virtual machine images.
Platform
The operating system type (Windows, Linux) of a virtual machine or analysis environment.
Plugin
An extension module that provides specific analysis capabilities to Malbox.
Plugin Instance
A running instance of a plugin, managed by the Plugin Manager.
Plugin Manager
A component that manages the lifecycle of plugins, including loading, initialization, and communication.
Plugin Registry
A catalog of all available plugins and their capabilities.
Plugin State
The current lifecycle status of a plugin: Created, Starting, Running, Stopping, Stopped, or Failed.
Resource Manager
A component that allocates and manages virtual machines and other resources needed for analysis tasks.
Result Server
A server component that receives analysis results from guest VMs.
Sample
A file submitted for analysis.
Scheduler
A component that manages the execution of analysis tasks, including prioritization and resource allocation.
Source Registry
A catalog of available operating system images and other source files that can be downloaded.
Source Type
The type of a downloadable source file: ISO, VM Image, Container Image, Archive.
Static Analysis
Analysis performed by examining a file without executing it.
Task
See “Analysis Task”.
Task Coordinator
A component that orchestrates the execution of analysis tasks.
Task Queue
A prioritized list of pending analysis tasks.
Task State
The current status of an analysis task: Pending, Initializing, PreparingResources, Running, Stopping, Completed, Failed, Canceled.
Terraform
An infrastructure automation tool used by Malbox to provision and configure virtual machines.
VM (Virtual Machine)
An isolated environment used for dynamic analysis of malware.
VM Image
A disk image containing an operating system and analysis tools, used to create VMs.
Worker
A process responsible for executing analysis tasks.
Worker Pool
A collection of worker processes managed by the task coordinator.
Cross-Reference Guide
Plugin-Related Terms
- Plugin
- Plugin Instance
- Plugin Manager
- Plugin Registry
- Plugin State
- Execution Context
- Execution Policy
- Host Plugin
- Guest Plugin
- Hybrid Plugin