{
"requiredOneOf": [
"filename",
"size-in-bytes",
"authentihash",
"ssdeep",
"imphash",
"pehash",
"md5",
"sha1",
"sha224",
"sha256",
"sha384",
"sha512",
"sha512/224",
"sha512/256",
"tlsh",
"pattern-in-file",
"x509-fingerprint-sha1",
"malware-sample",
"path"
],
"attributes": {
"md5": {
"description": "[Insecure] MD5 hash (128 bits)",
"ui-priority": 1,
"misp-attribute": "md5",
"recommended": false
},
"sha1": {
"description": "[Insecure] Secure Hash Algorithm 1 (160 bits)",
"ui-priority": 1,
"misp-attribute": "sha1",
"recommended": false
},
"sha224": {
"description": "Secure Hash Algorithm 2 (224 bits)",
"ui-priority": 0,
"misp-attribute": "sha224",
"recommended": false
},
"sha256": {
"description": "Secure Hash Algorithm 2 (256 bits)",
"ui-priority": 1,
"misp-attribute": "sha256"
},
"sha384": {
"description": "Secure Hash Algorithm 2 (384 bits)",
"ui-priority": 0,
"misp-attribute": "sha384",
"recommended": false
},
"sha512": {
"description": "Secure Hash Algorithm 2 (512 bits)",
"ui-priority": 1,
"misp-attribute": "sha512"
},
"sha512/224": {
"description": "Secure Hash Algorithm 2, SHA-512/224 variant (224 bits)",
"ui-priority": 0,
"misp-attribute": "sha512/224",
"recommended": false
},
"sha512/256": {
"description": "Secure Hash Algorithm 2, SHA-512/256 variant (256 bits)",
"ui-priority": 0,
"misp-attribute": "sha512/256",
"recommended": false
},
"ssdeep": {
"description": "Fuzzy hash using context triggered piecewise hashes (CTPH)",
"ui-priority": 0,
"misp-attribute": "ssdeep"
},
"authentihash": {
"description": "Authenticode executable signature hash",
"ui-priority": 0,
"misp-attribute": "authentihash",
"recommended": false
},
"size-in-bytes": {
"description": "Size of the file, in bytes",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "size-in-bytes"
},
"entropy": {
"description": "Entropy of the whole file",
"disable_correlation": true,
"ui-priority": 1,
"misp-attribute": "float"
},
"pattern-in-file": {
"description": "Pattern that can be found in the file",
"categories": [
"Artifacts dropped",
"Payload installation",
"External analysis"
],
"ui-priority": 1,
"misp-attribute": "pattern-in-file"
},
"text": {
"description": "Free text value to attach to the file",
"disable_correlation": true,
"ui-priority": 1,
"misp-attribute": "text",
"recommended": false
},
"malware-sample": {
"description": "The file itself (binary)",
"ui-priority": 1,
"misp-attribute": "malware-sample"
},
"filename": {
"description": "Filename on disk",
"disable_correlation": true,
"multiple": true,
"categories": [
"Payload delivery",
"Artifacts dropped",
"Payload installation",
"External analysis"
],
"ui-priority": 1,
"misp-attribute": "filename"
},
"path": {
"description": "Path to the file, complete or partial",
"disable_correlation": true,
"multiple": true,
"ui-priority": 0,
"misp-attribute": "text"
},
"tlsh": {
"description": "Fuzzy hash by Trend Micro: Locality Sensitive Hash",
"ui-priority": 0,
"misp-attribute": "tlsh"
},
"certificate": {
"description": "Certificate value if the binary is signed with an authentication scheme other than Authenticode",
"ui-priority": 0,
"misp-attribute": "x509-fingerprint-sha1"
},
"mimetype": {
"description": "MIME type",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "mime-type"
},
"state": {
"misp-attribute": "text",
"ui-priority": 0,
"description": "State of the file",
"multiple": true,
"disable_correlation": true,
"values_list": [
"Malicious",
"Harmless",
"Signed",
"Revoked",
"Expired",
"Trusted"
]
}
},
"version": 11,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"name": "file"
}