misp-objects/objects/artifact/definition.json

{
  "attributes": {
    "decryption_key": {
      "description": "Specifies the decryption key for the encrypted binary data (either via payload_bin or url). For example, this may be useful in cases of sharing malware samples, which are often encoded in an encrypted archive.",
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "encryption_algorithm": {
      "description": "If the artifact is encrypted, specifies the type of encryption algorithm the binary data  (either via payload_bin or url) is encoded in.",
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "md5": {
      "description": "[Insecure] MD5 hash (128 bits)",
      "misp-attribute": "md5",
      "recommended": false,
      "ui-priority": 1
    },
    "mime_type": {
      "description": "Whenever feasible, this value SHOULD be one of the values defined in the Template column in the IANA media type registry [Media Types]. Maintaining a comprehensive universal catalog of all extant file types is obviously not possible. When specifying a MIME Type not included in the IANA registry, implementers should use their best judgement so as to facilitate interoperability.",
      "disable_correlation": true,
      "misp-attribute": "mime-type",
      "ui-priority": 0
    },
    "payload_bin": {
      "description": "Specifies the binary data contained in the artifact as a base64-encoded string.",
      "misp-attribute": "attachment",
      "ui-priority": 0
    },
    "sha1": {
      "description": "[Insecure] Secure Hash Algorithm 1 (160 bits)",
      "misp-attribute": "sha1",
      "recommended": false,
      "ui-priority": 1
    },
    "sha256": {
      "description": "Secure Hash Algorithm 2 (256 bits)",
      "misp-attribute": "sha256",
      "ui-priority": 1
    },
    "sha3-256": {
      "description": "Secure Hash Algorithm 3 (256 bits)",
      "misp-attribute": "sha3-256",
      "recommended": false,
      "ui-priority": 0
    },
    "sha3-512": {
      "description": "Secure Hash Algorithm 3 (512 bits)",
      "misp-attribute": "sha3-512",
      "recommended": false,
      "ui-priority": 0
    },
    "sha512": {
      "description": "Secure Hash Algorithm 2 (512 bits)",
      "misp-attribute": "sha512",
      "ui-priority": 1
    },
    "ssdeep": {
      "description": "Fuzzy hash using context triggered piecewise hashes (CTPH)",
      "misp-attribute": "ssdeep",
      "ui-priority": 0
    },
    "tlsh": {
      "description": "Fuzzy hash by Trend Micro: Locality Sensitive Hash",
      "misp-attribute": "tlsh",
      "ui-priority": 0
    },
    "url": {
      "description": "The value of this property MUST be a valid URL that resolves to the unencoded content. When present, at least one hash value MUST be present too.",
      "misp-attribute": "url",
      "ui-priority": 0
    }
  },
  "description": "The Artifact object permits capturing an array of bytes (8-bits), as a base64-encoded string, or linking to a file-like payload. From STIX 2.1 (6.1)",
  "meta-category": "file",
  "name": "artifact",
  "requiredOneOf": [
    "payload_bin",
    "url"
  ],
  "uuid": "0a46df3a-bd9b-472c-a1e7-6aede7094483",
  "version": 3
}
new: [artifact] The Artifact object permits capturing an array of bytes (8-bits), as a base64-encoded string, or linking to a file-like payload. ref: STIX 2.1 - 6.1 Open point: relationships for the related hashes 2022-02-01 16:25:24 +01:00			`{`
			`"attributes": {`
			`"decryption_key": {`
			`"description": "Specifies the decryption key for the encrypted binary data (either via payload_bin or url). For example, this may be useful in cases of sharing malware samples, which are often encoded in an encrypted archive.",`
			`"misp-attribute": "text",`
			`"ui-priority": 0`
			`},`
			`"encryption_algorithm": {`
			`"description": "If the artifact is encrypted, specifies the type of encryption algorithm the binary data (either via payload_bin or url) is encoded in.",`
			`"misp-attribute": "text",`
			`"ui-priority": 0`
			`},`
chg: [artifact] Changed the `hashes` attribute into the different hash type attributes - A change to adopt the same logic as file objects regarding the different hash values - In STIX 2.1 an Artifact object is not necessarily linked to a File object and both referenced by an Observed Data object. In some cases Artifact objects are referenced for instance by Malware objects, in which case they describe the actual malware sample. It is then usefull to have the different hash values in single attributes rather than concatenated in a text attribute 2023-08-16 23:25:32 +02:00			`"md5": {`
			`"description": "[Insecure] MD5 hash (128 bits)",`
			`"misp-attribute": "md5",`
			`"recommended": false,`
			`"ui-priority": 1`
new: [artifact] The Artifact object permits capturing an array of bytes (8-bits), as a base64-encoded string, or linking to a file-like payload. ref: STIX 2.1 - 6.1 Open point: relationships for the related hashes 2022-02-01 16:25:24 +01:00			`},`
			`"mime_type": {`
			`"description": "Whenever feasible, this value SHOULD be one of the values defined in the Template column in the IANA media type registry [Media Types]. Maintaining a comprehensive universal catalog of all extant file types is obviously not possible. When specifying a MIME Type not included in the IANA registry, implementers should use their best judgement so as to facilitate interoperability.",`
			`"disable_correlation": true,`
			`"misp-attribute": "mime-type",`
			`"ui-priority": 0`
			`},`
			`"payload_bin": {`
			`"description": "Specifies the binary data contained in the artifact as a base64-encoded string.",`
chg: [artifact] Changed the `payload_bin` attribute to attachment type 2024-01-19 23:15:41 +01:00			`"misp-attribute": "attachment",`
new: [artifact] The Artifact object permits capturing an array of bytes (8-bits), as a base64-encoded string, or linking to a file-like payload. ref: STIX 2.1 - 6.1 Open point: relationships for the related hashes 2022-02-01 16:25:24 +01:00			`"ui-priority": 0`
			`},`
chg: [artifact] Changed the `hashes` attribute into the different hash type attributes - A change to adopt the same logic as file objects regarding the different hash values - In STIX 2.1 an Artifact object is not necessarily linked to a File object and both referenced by an Observed Data object. In some cases Artifact objects are referenced for instance by Malware objects, in which case they describe the actual malware sample. It is then usefull to have the different hash values in single attributes rather than concatenated in a text attribute 2023-08-16 23:25:32 +02:00			`"sha1": {`
			`"description": "[Insecure] Secure Hash Algorithm 1 (160 bits)",`
			`"misp-attribute": "sha1",`
			`"recommended": false,`
			`"ui-priority": 1`
			`},`
			`"sha256": {`
			`"description": "Secure Hash Algorithm 2 (256 bits)",`
			`"misp-attribute": "sha256",`
			`"ui-priority": 1`
			`},`
			`"sha3-256": {`
			`"description": "Secure Hash Algorithm 3 (256 bits)",`
			`"misp-attribute": "sha3-256",`
			`"recommended": false,`
			`"ui-priority": 0`
			`},`
			`"sha3-512": {`
			`"description": "Secure Hash Algorithm 3 (512 bits)",`
			`"misp-attribute": "sha3-512",`
			`"recommended": false,`
			`"ui-priority": 0`
			`},`
			`"sha512": {`
			`"description": "Secure Hash Algorithm 2 (512 bits)",`
			`"misp-attribute": "sha512",`
			`"ui-priority": 1`
			`},`
			`"ssdeep": {`
			`"description": "Fuzzy hash using context triggered piecewise hashes (CTPH)",`
			`"misp-attribute": "ssdeep",`
			`"ui-priority": 0`
			`},`
			`"tlsh": {`
			`"description": "Fuzzy hash by Trend Micro: Locality Sensitive Hash",`
			`"misp-attribute": "tlsh",`
			`"ui-priority": 0`
			`},`
new: [artifact] The Artifact object permits capturing an array of bytes (8-bits), as a base64-encoded string, or linking to a file-like payload. ref: STIX 2.1 - 6.1 Open point: relationships for the related hashes 2022-02-01 16:25:24 +01:00			`"url": {`
chg: [artifact] Changed the `hashes` attribute into the different hash type attributes - A change to adopt the same logic as file objects regarding the different hash values - In STIX 2.1 an Artifact object is not necessarily linked to a File object and both referenced by an Observed Data object. In some cases Artifact objects are referenced for instance by Malware objects, in which case they describe the actual malware sample. It is then usefull to have the different hash values in single attributes rather than concatenated in a text attribute 2023-08-16 23:25:32 +02:00			`"description": "The value of this property MUST be a valid URL that resolves to the unencoded content. When present, at least one hash value MUST be present too.",`
new: [artifact] The Artifact object permits capturing an array of bytes (8-bits), as a base64-encoded string, or linking to a file-like payload. ref: STIX 2.1 - 6.1 Open point: relationships for the related hashes 2022-02-01 16:25:24 +01:00			`"misp-attribute": "url",`
			`"ui-priority": 0`
			`}`
			`},`
fix: [objects description] ref #384 - Grammar fixes included in the JSON files. 2023-02-02 10:51:32 +01:00			`"description": "The Artifact object permits capturing an array of bytes (8-bits), as a base64-encoded string, or linking to a file-like payload. From STIX 2.1 (6.1)",`
new: [artifact] The Artifact object permits capturing an array of bytes (8-bits), as a base64-encoded string, or linking to a file-like payload. ref: STIX 2.1 - 6.1 Open point: relationships for the related hashes 2022-02-01 16:25:24 +01:00			`"meta-category": "file",`
			`"name": "artifact",`
			`"requiredOneOf": [`
			`"payload_bin",`
			`"url"`
			`],`
			`"uuid": "0a46df3a-bd9b-472c-a1e7-6aede7094483",`
chg: [artifact] Changed the `hashes` attribute into the different hash type attributes - A change to adopt the same logic as file objects regarding the different hash values - In STIX 2.1 an Artifact object is not necessarily linked to a File object and both referenced by an Observed Data object. In some cases Artifact objects are referenced for instance by Malware objects, in which case they describe the actual malware sample. It is then usefull to have the different hash values in single attributes rather than concatenated in a text attribute 2023-08-16 23:25:32 +02:00			`"version": 3`
fix: [artifact] Properly JQed the end of file 2023-08-17 14:49:44 +02:00			`}`