misp-objects/objects/file/definition.json

173 lines
4.4 KiB
JSON
Raw Normal View History

2016-02-09 21:04:39 +01:00
{
2017-07-03 12:13:38 +02:00
"requiredOneOf": [
"filename",
"size-in-bytes",
"authentihash",
"ssdeep",
"imphash",
"pehash",
2017-08-29 13:25:58 +02:00
"md5",
"sha1",
2017-07-03 12:13:38 +02:00
"sha224",
2017-08-29 13:25:58 +02:00
"sha256",
2017-07-03 12:13:38 +02:00
"sha384",
"sha512",
"sha512/224",
"sha512/256",
"tlsh",
"pattern-in-file",
"x509-fingerprint-sha1",
2018-04-09 15:56:39 +02:00
"malware-sample",
"path"
2017-07-03 12:13:38 +02:00
],
2017-02-13 11:18:42 +01:00
"attributes": {
2017-07-03 12:13:38 +02:00
"md5": {
2017-08-29 13:25:58 +02:00
"description": "[Insecure] MD5 hash (128 bits)",
2017-07-03 16:50:13 +02:00
"ui-priority": 1,
2017-08-29 13:25:58 +02:00
"misp-attribute": "md5",
"recommended": false
2017-02-13 11:18:42 +01:00
},
2017-08-29 13:25:58 +02:00
"sha1": {
"description": "[Insecure] Secure Hash Algorithm 1 (160 bits)",
"ui-priority": 1,
"misp-attribute": "sha1",
"recommended": false
},
"sha224": {
"description": "Secure Hash Algorithm 2 (224 bits)",
2017-07-03 16:50:13 +02:00
"ui-priority": 0,
2017-08-29 13:25:58 +02:00
"misp-attribute": "sha224",
"recommended": false
2017-02-13 11:18:42 +01:00
},
2017-08-29 13:25:58 +02:00
"sha256": {
"description": "Secure Hash Algorithm 2 (256 bits)",
"ui-priority": 1,
"misp-attribute": "sha256"
},
"sha384": {
"description": "Secure Hash Algorithm 2 (384 bits)",
2017-07-03 16:50:13 +02:00
"ui-priority": 0,
2017-08-29 13:25:58 +02:00
"misp-attribute": "sha384",
"recommended": false
},
"sha512": {
"description": "Secure Hash Algorithm 2 (512 bits)",
"ui-priority": 1,
2017-07-03 12:13:38 +02:00
"misp-attribute": "sha512"
2017-02-13 11:18:42 +01:00
},
2017-08-29 13:25:58 +02:00
"sha512/224": {
"description": "Secure Hash Algorithm 2 (224 bits)",
2017-07-03 16:50:13 +02:00
"ui-priority": 0,
2017-08-29 13:25:58 +02:00
"misp-attribute": "sha512/224",
"recommended": false
2017-02-13 11:18:42 +01:00
},
2017-08-29 13:25:58 +02:00
"sha512/256": {
"description": "Secure Hash Algorithm 2 (256 bits)",
2017-07-03 16:50:13 +02:00
"ui-priority": 0,
2017-08-29 13:25:58 +02:00
"misp-attribute": "sha512/256",
"recommended": false
2017-02-13 11:18:42 +01:00
},
2017-07-03 12:13:38 +02:00
"ssdeep": {
2017-08-29 13:25:58 +02:00
"description": "Fuzzy hash using context triggered piecewise hashes (CTPH)",
2017-07-03 16:50:13 +02:00
"ui-priority": 0,
2017-07-03 12:13:38 +02:00
"misp-attribute": "ssdeep"
2017-02-13 11:18:42 +01:00
},
2017-07-03 12:13:38 +02:00
"authentihash": {
2017-08-29 13:25:58 +02:00
"description": "Authenticode executable signature hash",
2017-07-03 16:50:13 +02:00
"ui-priority": 0,
2017-08-29 13:25:58 +02:00
"misp-attribute": "authentihash",
"recommended": false
2017-02-13 11:18:42 +01:00
},
2017-07-03 12:13:38 +02:00
"size-in-bytes": {
2017-08-29 13:25:58 +02:00
"description": "Size of the file, in bytes",
2017-07-03 12:13:38 +02:00
"disable_correlation": true,
2017-07-03 16:50:13 +02:00
"ui-priority": 0,
2017-07-03 12:13:38 +02:00
"misp-attribute": "size-in-bytes"
2017-02-13 11:18:42 +01:00
},
2017-07-03 12:13:38 +02:00
"entropy": {
2017-08-29 13:25:58 +02:00
"description": "Entropy of the whole file",
2017-07-03 12:13:38 +02:00
"disable_correlation": true,
2017-07-03 16:50:13 +02:00
"ui-priority": 1,
2017-07-03 12:13:38 +02:00
"misp-attribute": "float"
},
"pattern-in-file": {
2017-08-29 13:25:58 +02:00
"description": "Pattern that can be found in the file",
2017-03-16 23:06:36 +01:00
"categories": [
"Artifacts dropped",
"Payload installation",
"External analysis"
2017-07-03 12:13:38 +02:00
],
2017-07-03 16:50:13 +02:00
"ui-priority": 1,
2017-07-03 12:13:38 +02:00
"misp-attribute": "pattern-in-file"
2017-02-13 11:18:42 +01:00
},
2017-07-03 12:13:38 +02:00
"text": {
2017-08-29 13:25:58 +02:00
"description": "Free text value to attach to the file",
2017-07-03 12:13:38 +02:00
"disable_correlation": true,
2017-07-03 16:50:13 +02:00
"ui-priority": 1,
2017-08-29 13:25:58 +02:00
"misp-attribute": "text",
"recommended": false
2017-03-12 23:06:39 +01:00
},
2017-07-03 12:13:38 +02:00
"malware-sample": {
2017-08-29 13:25:58 +02:00
"description": "The file itself (binary)",
2017-07-03 16:50:13 +02:00
"ui-priority": 1,
2017-07-03 12:13:38 +02:00
"misp-attribute": "malware-sample"
},
"filename": {
2017-08-29 13:25:58 +02:00
"description": "Filename on disk",
"disable_correlation": true,
2017-11-23 09:57:49 +01:00
"multiple": true,
2017-02-13 11:18:42 +01:00
"categories": [
2017-07-03 12:13:38 +02:00
"Payload delivery",
2017-02-13 11:18:42 +01:00
"Artifacts dropped",
"Payload installation",
"External analysis"
2017-07-03 12:13:38 +02:00
],
2017-07-03 16:50:13 +02:00
"ui-priority": 1,
2017-07-03 12:13:38 +02:00
"misp-attribute": "filename"
},
2018-04-09 15:56:39 +02:00
"path": {
"description": "Path of the filename complete or partial",
"disable_correlation": true,
"multiple": true,
"ui-priority": 0,
"misp-attribute": "text"
},
2017-07-03 12:13:38 +02:00
"tlsh": {
2017-08-29 13:25:58 +02:00
"description": "Fuzzy hash by Trend Micro: Locality Sensitive Hash",
2017-07-03 16:50:13 +02:00
"ui-priority": 0,
2017-07-03 12:13:38 +02:00
"misp-attribute": "tlsh"
2017-08-23 11:01:48 +02:00
},
"certificate": {
"description": "Certificate value if the binary is signed with another authentication scheme than authenticode",
2017-12-03 11:42:56 +01:00
"ui-priority": 0,
"misp-attribute": "x509-fingerprint-sha1"
},
2017-08-23 11:01:48 +02:00
"mimetype": {
2017-08-29 13:25:58 +02:00
"description": "Mime type",
2017-08-23 11:01:48 +02:00
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "mime-type"
},
"state": {
"misp-attribute": "text",
2017-10-23 20:35:07 +02:00
"ui-priority": 0,
"description": "State of the file",
"multiple": true,
"disable_correlation": true,
"values_list": [
"Malicious",
"Harmless",
"Signed",
"Revoked",
"Expired",
"Trusted"
]
2017-02-13 11:18:42 +01:00
}
},
2018-04-09 15:56:39 +02:00
"version": 11,
2017-07-03 12:13:38 +02:00
"description": "File object describing a file with meta-information",
"meta-category": "file",
"uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"name": "file"
2016-02-09 21:04:39 +01:00
}