{
|
|
|
|
"requiredOneOf": [
|
|
|
|
"filename",
|
|
|
|
"size-in-bytes",
|
|
|
|
"authentihash",
|
|
|
|
"ssdeep",
|
|
|
|
"md5",
|
|
|
|
"sha1",
|
|
|
|
"sha224",
|
|
|
|
"sha256",
|
|
|
|
"sha384",
|
|
|
|
"sha512",
|
|
|
|
"sha512/224",
|
|
|
|
"sha512/256",
|
|
|
|
"tlsh",
|
|
|
|
"pattern-in-file",
|
|
|
|
"certificate",
|
|
|
|
"malware-sample",
|
|
|
|
"attachment",
|
|
|
|
"path",
|
|
|
|
"fullpath"
|
|
|
|
],
|
|
|
|
"required": [
|
|
|
|
"test_overwrite"
|
|
|
|
],
|
|
|
|
"attributes": {
|
|
|
|
"test_overwrite": {
|
|
|
|
"description": "Test attribute",
|
|
|
|
"misp-attribute": "text"
|
|
|
|
},
|
|
|
|
"md5": {
|
|
|
|
"description": "[Insecure] MD5 hash (128 bits); not collision resistant, usable for lookup and correlation but not as proof of file integrity",
|
|
|
|
"ui-priority": 1,
|
|
|
|
"misp-attribute": "md5",
|
|
|
|
"recommended": false
|
|
|
|
},
|
|
|
|
"sha1": {
|
|
|
|
"description": "[Insecure] Secure Hash Algorithm 1 (160 bits); not collision resistant, usable for lookup and correlation but not as proof of file integrity",
|
|
|
|
"ui-priority": 1,
|
|
|
|
"misp-attribute": "sha1",
|
|
|
|
"recommended": false
|
|
|
|
},
|
|
|
|
"sha224": {
|
|
|
|
"description": "Secure Hash Algorithm 2 (224 bits)",
|
|
|
|
"ui-priority": 0,
|
|
|
|
"misp-attribute": "sha224",
|
|
|
|
"recommended": false
|
|
|
|
},
|
|
|
|
"sha256": {
|
|
|
|
"description": "Secure Hash Algorithm 2 (256 bits)",
|
|
|
|
"ui-priority": 1,
|
|
|
|
"misp-attribute": "sha256"
|
|
|
|
},
|
|
|
|
"sha384": {
|
|
|
|
"description": "Secure Hash Algorithm 2 (384 bits)",
|
|
|
|
"ui-priority": 0,
|
|
|
|
"misp-attribute": "sha384",
|
|
|
|
"recommended": false
|
|
|
|
},
|
|
|
|
"sha512": {
|
|
|
|
"description": "Secure Hash Algorithm 2 (512 bits)",
|
|
|
|
"ui-priority": 1,
|
|
|
|
"misp-attribute": "sha512"
|
|
|
|
},
|
|
|
|
"sha512/224": {
|
|
|
|
"description": "Secure Hash Algorithm 2, SHA-512/224 truncated variant (224 bits)",
|
|
|
|
"ui-priority": 0,
|
|
|
|
"misp-attribute": "sha512/224",
|
|
|
|
"recommended": false
|
|
|
|
},
|
|
|
|
"sha512/256": {
|
|
|
|
"description": "Secure Hash Algorithm 2, SHA-512/256 truncated variant (256 bits)",
|
|
|
|
"ui-priority": 0,
|
|
|
|
"misp-attribute": "sha512/256",
|
|
|
|
"recommended": false
|
|
|
|
},
|
|
|
|
"ssdeep": {
|
|
|
|
"description": "Fuzzy hash using context triggered piecewise hashes (CTPH)",
|
|
|
|
"ui-priority": 0,
|
|
|
|
"misp-attribute": "ssdeep"
|
|
|
|
},
|
|
|
|
"authentihash": {
|
|
|
|
"description": "Authenticode hash of a PE executable (the hash value covered by the Authenticode signature)",
|
|
|
|
"ui-priority": 0,
|
|
|
|
"misp-attribute": "authentihash",
|
|
|
|
"recommended": false
|
|
|
|
},
|
|
|
|
"size-in-bytes": {
|
|
|
|
"description": "Size of the file, in bytes",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"ui-priority": 0,
|
|
|
|
"misp-attribute": "size-in-bytes"
|
|
|
|
},
|
|
|
|
"entropy": {
|
|
|
|
"description": "Entropy of the whole file",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"ui-priority": 1,
|
|
|
|
"misp-attribute": "float"
|
|
|
|
},
|
|
|
|
"pattern-in-file": {
|
|
|
|
"description": "Pattern that can be found in the file",
|
|
|
|
"categories": [
|
|
|
|
"Artifacts dropped",
|
|
|
|
"Payload installation",
|
|
|
|
"External analysis"
|
|
|
|
],
|
|
|
|
"ui-priority": 1,
|
|
|
|
"misp-attribute": "pattern-in-file",
|
|
|
|
"multiple": true
|
|
|
|
},
|
|
|
|
"text": {
|
|
|
|
"description": "Free text value to attach to the file",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"ui-priority": 1,
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"recommended": false
|
|
|
|
},
|
|
|
|
"malware-sample": {
|
|
|
|
"description": "The malicious file itself (binary sample)",
|
|
|
|
"ui-priority": 1,
|
|
|
|
"misp-attribute": "malware-sample"
|
|
|
|
},
|
|
|
|
"attachment": {
|
|
|
|
"description": "A non-malicious file.",
|
|
|
|
"ui-priority": 1,
|
|
|
|
"misp-attribute": "attachment"
|
|
|
|
},
|
|
|
|
"filename": {
|
|
|
|
"description": "Filename on disk",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"multiple": true,
|
|
|
|
"categories": [
|
|
|
|
"Payload delivery",
|
|
|
|
"Artifacts dropped",
|
|
|
|
"Payload installation",
|
|
|
|
"External analysis"
|
|
|
|
],
|
|
|
|
"ui-priority": 1,
|
|
|
|
"misp-attribute": "filename"
|
|
|
|
},
|
|
|
|
"path": {
|
|
|
|
"description": "Path to the file, complete or partial",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 0,
|
|
|
|
"misp-attribute": "text"
|
|
|
|
},
|
|
|
|
"fullpath": {
|
|
|
|
"description": "Complete path to the file, including the filename",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 0,
|
|
|
|
"misp-attribute": "text"
|
|
|
|
},
|
|
|
|
"tlsh": {
|
|
|
|
"description": "Fuzzy hash using Trend Micro Locality Sensitive Hashing (TLSH)",
|
|
|
|
"ui-priority": 0,
|
|
|
|
"misp-attribute": "tlsh"
|
|
|
|
},
|
|
|
|
"certificate": {
|
|
|
|
"description": "SHA-1 fingerprint of the X.509 certificate used to sign the binary, when it is signed with an authentication scheme other than Authenticode (the fingerprint identifies the certificate; it is not a collision-resistant integrity value)",
|
|
|
|
"ui-priority": 0,
|
|
|
|
"misp-attribute": "x509-fingerprint-sha1"
|
|
|
|
},
|
|
|
|
"mimetype": {
|
|
|
|
"description": "MIME type of the file",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"ui-priority": 0,
|
|
|
|
"misp-attribute": "mime-type"
|
|
|
|
},
|
|
|
|
"state": {
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 0,
|
|
|
|
"description": "State of the file",
|
|
|
|
"multiple": true,
|
|
|
|
"disable_correlation": true,
|
|
|
|
"values_list": [
|
|
|
|
"Malicious",
|
|
|
|
"Harmless",
|
|
|
|
"Signed",
|
|
|
|
"Revoked",
|
|
|
|
"Expired",
|
|
|
|
"Trusted"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
"file-encoding": {
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 0,
|
|
|
|
"description": "Encoding format of the file",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"sane_default": [
|
|
|
|
"Adobe-Standard-Encoding",
|
|
|
|
"Adobe-Symbol-Encoding",
|
|
|
|
"Amiga-1251",
|
|
|
|
"ANSI_X3.110-1983",
|
|
|
|
"ASMO_449",
|
|
|
|
"Big5",
|
|
|
|
"Big5-HKSCS",
|
|
|
|
"BOCU-1",
|
|
|
|
"BRF",
|
|
|
|
"BS_4730",
|
|
|
|
"BS_viewdata",
|
|
|
|
"CESU-8",
|
|
|
|
"CP50220",
|
|
|
|
"CP51932",
|
|
|
|
"CSA_Z243.4-1985-1",
|
|
|
|
"CSA_Z243.4-1985-2",
|
|
|
|
"CSA_Z243.4-1985-gr",
|
|
|
|
"CSN_369103",
|
|
|
|
"DEC-MCS",
|
|
|
|
"DIN_66003",
|
|
|
|
"dk-us",
|
|
|
|
"DS_2089",
|
|
|
|
"EBCDIC-AT-DE",
|
|
|
|
"EBCDIC-AT-DE-A",
|
|
|
|
"EBCDIC-CA-FR",
|
|
|
|
"EBCDIC-DK-NO",
|
|
|
|
"EBCDIC-DK-NO-A",
|
|
|
|
"EBCDIC-ES",
|
|
|
|
"EBCDIC-ES-A",
|
|
|
|
"EBCDIC-ES-S",
|
|
|
|
"EBCDIC-FI-SE",
|
|
|
|
"EBCDIC-FI-SE-A",
|
|
|
|
"EBCDIC-FR",
|
|
|
|
"EBCDIC-IT",
|
|
|
|
"EBCDIC-PT",
|
|
|
|
"EBCDIC-UK",
|
|
|
|
"EBCDIC-US",
|
|
|
|
"ECMA-cyrillic",
|
|
|
|
"ES",
|
|
|
|
"ES2",
|
|
|
|
"EUC-KR",
|
|
|
|
"Extended_UNIX_Code_Fixed_Width_for_Japanese",
|
|
|
|
"Extended_UNIX_Code_Packed_Format_for_Japanese",
|
|
|
|
"GB18030",
|
|
|
|
"GB_1988-80",
|
|
|
|
"GB2312",
|
|
|
|
"GB_2312-80",
|
|
|
|
"GBK",
|
|
|
|
"GOST_19768-74",
|
|
|
|
"greek7",
|
|
|
|
"greek7-old",
|
|
|
|
"greek-ccitt",
|
|
|
|
"HP-DeskTop",
|
|
|
|
"HP-Legal",
|
|
|
|
"HP-Math8",
|
|
|
|
"HP-Pi-font",
|
|
|
|
"hp-roman8",
|
|
|
|
"HZ-GB-2312",
|
|
|
|
"IBM00858",
|
|
|
|
"IBM00924",
|
|
|
|
"IBM01140",
|
|
|
|
"IBM01141",
|
|
|
|
"IBM01142",
|
|
|
|
"IBM01143",
|
|
|
|
"IBM01144",
|
|
|
|
"IBM01145",
|
|
|
|
"IBM01146",
|
|
|
|
"IBM01147",
|
|
|
|
"IBM01148",
|
|
|
|
"IBM01149",
|
|
|
|
"IBM037",
|
|
|
|
"IBM038",
|
|
|
|
"IBM1026",
|
|
|
|
"IBM1047",
|
|
|
|
"IBM273",
|
|
|
|
"IBM274",
|
|
|
|
"IBM275",
|
|
|
|
"IBM277",
|
|
|
|
"IBM278",
|
|
|
|
"IBM280",
|
|
|
|
"IBM281",
|
|
|
|
"IBM284",
|
|
|
|
"IBM285",
|
|
|
|
"IBM290",
|
|
|
|
"IBM297",
|
|
|
|
"IBM420",
|
|
|
|
"IBM423",
|
|
|
|
"IBM424",
|
|
|
|
"IBM437",
|
|
|
|
"IBM500",
|
|
|
|
"IBM775",
|
|
|
|
"IBM850",
|
|
|
|
"IBM851",
|
|
|
|
"IBM852",
|
|
|
|
"IBM855",
|
|
|
|
"IBM857",
|
|
|
|
"IBM860",
|
|
|
|
"IBM861",
|
|
|
|
"IBM862",
|
|
|
|
"IBM863",
|
|
|
|
"IBM864",
|
|
|
|
"IBM865",
|
|
|
|
"IBM866",
|
|
|
|
"IBM868",
|
|
|
|
"IBM869",
|
|
|
|
"IBM870",
|
|
|
|
"IBM871",
|
|
|
|
"IBM880",
|
|
|
|
"IBM891",
|
|
|
|
"IBM903",
|
|
|
|
"IBM904",
|
|
|
|
"IBM905",
|
|
|
|
"IBM918",
|
|
|
|
"IBM-Symbols",
|
|
|
|
"IBM-Thai",
|
|
|
|
"IEC_P27-1",
|
|
|
|
"INIS",
|
|
|
|
"INIS-8",
|
|
|
|
"INIS-cyrillic",
|
|
|
|
"INVARIANT",
|
|
|
|
"ISO_10367-box",
|
|
|
|
"ISO-10646-J-1",
|
|
|
|
"ISO-10646-UCS-2",
|
|
|
|
"ISO-10646-UCS-4",
|
|
|
|
"ISO-10646-UCS-Basic",
|
|
|
|
"ISO-10646-Unicode-Latin1",
|
|
|
|
"ISO-10646-UTF-1",
|
|
|
|
"ISO-11548-1",
|
|
|
|
"ISO-2022-CN",
|
|
|
|
"ISO-2022-CN-EXT",
|
|
|
|
"ISO-2022-JP",
|
|
|
|
"ISO-2022-JP-2",
|
|
|
|
"ISO-2022-KR",
|
|
|
|
"ISO_2033-1983",
|
|
|
|
"ISO_5427",
|
|
|
|
"ISO_5427:1981",
|
|
|
|
"ISO_5428:1980",
|
|
|
|
"ISO_646.basic:1983",
|
|
|
|
"ISO_646.irv:1983",
|
|
|
|
"ISO_6937-2-25",
|
|
|
|
"ISO_6937-2-add",
|
|
|
|
"ISO-8859-10",
|
|
|
|
"ISO_8859-1:1987",
|
|
|
|
"ISO-8859-13",
|
|
|
|
"ISO-8859-14",
|
|
|
|
"ISO-8859-15",
|
|
|
|
"ISO-8859-16",
|
|
|
|
"ISO-8859-1-Windows-3.0-Latin-1",
|
|
|
|
"ISO-8859-1-Windows-3.1-Latin-1",
|
|
|
|
"ISO_8859-2:1987",
|
|
|
|
"ISO-8859-2-Windows-Latin-2",
|
|
|
|
"ISO_8859-3:1988",
|
|
|
|
"ISO_8859-4:1988",
|
|
|
|
"ISO_8859-5:1988",
|
|
|
|
"ISO_8859-6:1987",
|
|
|
|
"ISO_8859-6-E",
|
|
|
|
"ISO_8859-6-I",
|
|
|
|
"ISO_8859-7:1987",
|
|
|
|
"ISO_8859-8:1988",
|
|
|
|
"ISO_8859-8-E",
|
|
|
|
"ISO_8859-8-I",
|
|
|
|
"ISO_8859-9:1989",
|
|
|
|
"ISO-8859-9-Windows-Latin-5",
|
|
|
|
"ISO_8859-supp",
|
|
|
|
"iso-ir-90",
|
|
|
|
"ISO-Unicode-IBM-1261",
|
|
|
|
"ISO-Unicode-IBM-1264",
|
|
|
|
"ISO-Unicode-IBM-1265",
|
|
|
|
"ISO-Unicode-IBM-1268",
|
|
|
|
"ISO-Unicode-IBM-1276",
|
|
|
|
"IT",
|
|
|
|
"JIS_C6220-1969-jp",
|
|
|
|
"JIS_C6220-1969-ro",
|
|
|
|
"JIS_C6226-1978",
|
|
|
|
"JIS_C6226-1983",
|
|
|
|
"JIS_C6229-1984-a",
|
|
|
|
"JIS_C6229-1984-b",
|
|
|
|
"JIS_C6229-1984-b-add",
|
|
|
|
"JIS_C6229-1984-hand",
|
|
|
|
"JIS_C6229-1984-hand-add",
|
|
|
|
"JIS_C6229-1984-kana",
|
|
|
|
"JIS_Encoding",
|
|
|
|
"JIS_X0201",
|
|
|
|
"JIS_X0212-1990",
|
|
|
|
"JUS_I.B1.002",
|
|
|
|
"JUS_I.B1.003-mac",
|
|
|
|
"JUS_I.B1.003-serb",
|
|
|
|
"KOI7-switched",
|
|
|
|
"KOI8-R",
|
|
|
|
"KOI8-U",
|
|
|
|
"KS_C_5601-1987",
|
|
|
|
"KSC5636",
|
|
|
|
"KZ-1048",
|
|
|
|
"latin-greek",
|
|
|
|
"Latin-greek-1",
|
|
|
|
"latin-lap",
|
|
|
|
"macintosh",
|
|
|
|
"Microsoft-Publishing",
|
|
|
|
"MNEM",
|
|
|
|
"MNEMONIC",
|
|
|
|
"MSZ_7795.3",
|
|
|
|
"Name",
|
|
|
|
"NATS-DANO",
|
|
|
|
"NATS-DANO-ADD",
|
|
|
|
"NATS-SEFI",
|
|
|
|
"NATS-SEFI-ADD",
|
|
|
|
"NC_NC00-10:81",
|
|
|
|
"NF_Z_62-010",
|
|
|
|
"NF_Z_62-010_(1973)",
|
|
|
|
"NS_4551-1",
|
|
|
|
"NS_4551-2",
|
|
|
|
"OSD_EBCDIC_DF03_IRV",
|
|
|
|
"OSD_EBCDIC_DF04_1",
|
|
|
|
"OSD_EBCDIC_DF04_15",
|
|
|
|
"PC8-Danish-Norwegian",
|
|
|
|
"PC8-Turkish",
|
|
|
|
"PT",
|
|
|
|
"PT2",
|
|
|
|
"PTCP154",
|
|
|
|
"SCSU",
|
|
|
|
"SEN_850200_B",
|
|
|
|
"SEN_850200_C",
|
|
|
|
"Shift_JIS",
|
|
|
|
"T.101-G2",
|
|
|
|
"T.61-7bit",
|
|
|
|
"T.61-8bit",
|
|
|
|
"TIS-620",
|
|
|
|
"TSCII",
|
|
|
|
"UNICODE-1-1",
|
|
|
|
"UNICODE-1-1-UTF-7",
|
|
|
|
"UNKNOWN-8BIT",
|
|
|
|
"US-ASCII",
|
|
|
|
"us-dk",
|
|
|
|
"UTF-16",
|
|
|
|
"UTF-16BE",
|
|
|
|
"UTF-16LE",
|
|
|
|
"UTF-32",
|
|
|
|
"UTF-32BE",
|
|
|
|
"UTF-32LE",
|
|
|
|
"UTF-7",
|
|
|
|
"UTF-8",
|
|
|
|
"Ventura-International",
|
|
|
|
"Ventura-Math",
|
|
|
|
"Ventura-US",
|
|
|
|
"videotex-suppl",
|
|
|
|
"VIQR",
|
|
|
|
"VISCII",
|
|
|
|
"windows-1250",
|
|
|
|
"windows-1251",
|
|
|
|
"windows-1252",
|
|
|
|
"windows-1253",
|
|
|
|
"windows-1254",
|
|
|
|
"windows-1255",
|
|
|
|
"windows-1256",
|
|
|
|
"windows-1257",
|
|
|
|
"windows-1258",
|
|
|
|
"Windows-31J",
|
|
|
|
"windows-874"
|
|
|
|
]
|
|
|
|
}
|
|
|
|
},
"version": 1,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"uuid": "688c46fb-5edb-40a3-8273-1af7923e0000",
"name": "overwrite_file"
}