misp-objects/objects/pe/definition.json

{
  "requiredOneOf": [
    "text",
    "original-filename",
    "internal-filename",
    "entrypoint-address"
  ],
  "attributes": {
    "pehash": {
      "description": "Hash of the structural information about a sample. See https://www.usenix.org/legacy/event/leet09/tech/full_papers/wicherski/wicherski_html/",
      "ui-priority": 0,
      "misp-attribute": "pehash"
    },
    "impfuzzy": {
      "description": "Fuzzy Hash (ssdeep) calculated from the import table",
      "ui-priority": 0,
      "misp-attribute": "impfuzzy"
    },
    "internal-filename": {
      "description": "InternalFilename in the resources",
      "ui-priority": 0,
      "misp-attribute": "filename"
    },
    "original-filename": {
      "description": "OriginalFilename in the resources",
      "ui-priority": 1,
      "misp-attribute": "filename"
    },
    "number-sections": {
      "description": "Number of sections",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "counter"
    },
    "text": {
      "description": "Free text value to attach to the PE",
      "disable_correlation": true,
      "ui-priority": 1,
      "misp-attribute": "text",
      "recommended": false
    },
    "type": {
      "description": "Type of PE",
      "sane_default": [
        "exe",
        "dll",
        "driver",
        "unknown"
      ],
      "disable_correlation": true,
      "ui-priority": 1,
      "misp-attribute": "text"
    },
    "imphash": {
      "description": "Hash (md5) calculated from the import table",
      "ui-priority": 0,
      "misp-attribute": "imphash"
    },
    "compilation-timestamp": {
      "description": "Compilation timestamp defined in the PE header",
      "ui-priority": 1,
      "misp-attribute": "datetime"
    },
    "entrypoint-section-at-position": {
      "description": "Name of the section and position of the section in the PE",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "entrypoint-address": {
      "description": "Address of the entry point",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "file-description": {
      "description": "FileDescription in the resources",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "file-version": {
      "description": "FileVersion in the resources",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "lang-id": {
      "description": "Lang ID in the resources",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "product-name": {
      "description": "ProductName in the resources",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "product-version": {
      "description": "ProductVersion in the resources",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "company-name": {
      "description": "CompanyName in the resources",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "legal-copyright": {
      "description": "LegalCopyright in the resources",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    }
  },
  "version": 2,
  "description": "Object describing a Portable Executable",
  "meta-category": "file",
  "uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
  "name": "pe"
}
Add PE object 2017-03-09 14:14:36 +01:00			`{`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"requiredOneOf": [`
			`"text",`
			`"original-filename",`
Update required entries for PE objects 2017-07-21 11:33:38 +02:00			`"internal-filename",`
			`"entrypoint-address"`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`],`
Add PE object 2017-03-09 14:14:36 +01:00			`"attributes": {`
add elf,elf-section and number of sections in a pe, and move pehash in pe 2017-03-13 17:23:42 +01:00			`"pehash": {`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"description": "Hash of the structural information about a sample. See https://www.usenix.org/legacy/event/leet09/tech/full_papers/wicherski/wicherski_html/",`
ui-priority 2017-07-03 16:44:11 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"misp-attribute": "pehash"`
add elf,elf-section and number of sections in a pe, and move pehash in pe 2017-03-13 17:23:42 +01:00			`},`
correct travis 2017-03-15 11:30:54 +01:00			`"impfuzzy": {`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"description": "Fuzzy Hash (ssdeep) calculated from the import table",`
ui-priority 2017-07-03 16:44:11 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"misp-attribute": "impfuzzy"`
correct travis 2017-03-15 11:30:54 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"internal-filename": {`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"description": "InternalFilename in the resources",`
ui-priority 2017-07-03 16:44:11 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"misp-attribute": "filename"`
			`},`
			`"original-filename": {`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"description": "OriginalFilename in the resources",`
ui-priority 2017-07-03 16:44:11 +02:00			`"ui-priority": 1,`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"misp-attribute": "filename"`
			`},`
			`"number-sections": {`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"description": "Number of sections",`
Update PE object 2017-03-14 15:57:05 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:11 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"misp-attribute": "counter"`
			`},`
			`"text": {`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"description": "Free text value to attach to the PE",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:11 +02:00			`"ui-priority": 1,`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"misp-attribute": "text",`
			`"recommended": false`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`},`
			`"type": {`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"description": "Type of PE",`
Update PE object 2017-03-14 15:57:05 +01:00			`"sane_default": [`
			`"exe",`
			`"dll",`
			`"driver",`
			`"unknown"`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`],`
			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:11 +02:00			`"ui-priority": 1,`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"misp-attribute": "text"`
Add PE object 2017-03-09 14:14:36 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"imphash": {`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"description": "Hash (md5) calculated from the import table",`
ui-priority 2017-07-03 16:44:11 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"misp-attribute": "imphash"`
Add PE object 2017-03-09 14:14:36 +01:00			`},`
			`"compilation-timestamp": {`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"description": "Compilation timestamp defined in the PE header",`
ui-priority 2017-07-03 16:44:11 +02:00			`"ui-priority": 1,`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"misp-attribute": "datetime"`
Add PE object 2017-03-09 14:14:36 +01:00			`},`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"entrypoint-section-at-position": {`
			`"description": "Name of the section and position of the section in the PE",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:11 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"misp-attribute": "text"`
Add PE object 2017-03-09 14:14:36 +01:00			`},`
			`"entrypoint-address": {`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"description": "Address of the entry point",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:11 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"misp-attribute": "text"`
Add PE object 2017-03-09 14:14:36 +01:00			`},`
			`"file-description": {`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"description": "FileDescription in the resources",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:11 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"misp-attribute": "text"`
Add PE object 2017-03-09 14:14:36 +01:00			`},`
			`"file-version": {`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"description": "FileVersion in the resources",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:11 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"misp-attribute": "text"`
Add PE object 2017-03-09 14:14:36 +01:00			`},`
			`"lang-id": {`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"description": "Lang ID in the resources",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:11 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"misp-attribute": "text"`
Add PE object 2017-03-09 14:14:36 +01:00			`},`
			`"product-name": {`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"description": "ProductName in the resources",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:11 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"misp-attribute": "text"`
Add PE object 2017-03-09 14:14:36 +01:00			`},`
			`"product-version": {`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"description": "ProductVersion in the resources",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:11 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"misp-attribute": "text"`
Update file and pe, add pe-section 2017-03-12 23:06:39 +01:00			`},`
			`"company-name": {`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"description": "CompanyName in the resources",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:11 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"misp-attribute": "text"`
Update file and pe, add pe-section 2017-03-12 23:06:39 +01:00			`},`
			`"legal-copyright": {`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"description": "LegalCopyright in the resources",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:11 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"misp-attribute": "text"`
Add PE object 2017-03-09 14:14:36 +01:00			`}`
			`},`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"version": 2,`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"description": "Object describing a Portable Executable",`
			`"meta-category": "file",`
			`"uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",`
			`"name": "pe"`
Add PE object 2017-03-09 14:14:36 +01:00			`}`