misp-objects/objects/pe/definition.json

{
  "attributes": {
    "authentihash": {
      "description": "Authenticode executable signature hash (sha256)",
      "misp-attribute": "authentihash",
      "ui-priority": 1
    },
    "company-name": {
      "description": "CompanyName in the resources",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "compilation-timestamp": {
      "description": "Compilation timestamp defined in the PE header",
      "misp-attribute": "datetime",
      "ui-priority": 1
    },
    "entrypoint-address": {
      "description": "Address of the entry point",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "entrypoint-section-at-position": {
      "description": "Name of the section and position of the section in the PE",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "file-description": {
      "description": "FileDescription in the resources",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "file-version": {
      "description": "FileVersion in the resources",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "impfuzzy": {
      "description": "Fuzzy Hash (ssdeep) calculated from the import table",
      "misp-attribute": "impfuzzy",
      "ui-priority": 0
    },
    "imphash": {
      "description": "Hash (md5) calculated from the import table",
      "misp-attribute": "imphash",
      "ui-priority": 0
    },
    "internal-filename": {
      "description": "InternalFilename in the resources",
      "disable_correlation": true,
      "misp-attribute": "filename",
      "ui-priority": 0
    },
    "lang-id": {
      "description": "Lang ID in the resources",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "legal-copyright": {
      "description": "LegalCopyright in the resources",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "number-sections": {
      "description": "Number of sections",
      "disable_correlation": true,
      "misp-attribute": "counter",
      "ui-priority": 0
    },
    "original-filename": {
      "description": "OriginalFilename in the resources",
      "disable_correlation": true,
      "misp-attribute": "filename",
      "ui-priority": 1
    },
    "pehash": {
      "description": "Hash of the structural information about a sample. See https://www.usenix.org/legacy/event/leet09/tech/full_papers/wicherski/wicherski_html/",
      "misp-attribute": "pehash",
      "ui-priority": 0
    },
    "product-name": {
      "description": "ProductName in the resources",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "product-version": {
      "description": "ProductVersion in the resources",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "richpe": {
      "description": "RichPE metadata hash",
      "misp-attribute": "md5",
      "multiple": true,
      "ui-priority": 0
    },
    "text": {
      "description": "Free text value to attach to the PE",
      "disable_correlation": true,
      "misp-attribute": "text",
      "recommended": false,
      "ui-priority": 1
    },
    "type": {
      "description": "Type of PE",
      "disable_correlation": true,
      "misp-attribute": "text",
      "sane_default": [
        "exe",
        "dll",
        "driver",
        "unknown"
      ],
      "ui-priority": 1
    }
  },
  "description": "Object describing a Portable Executable",
  "meta-category": "file",
  "name": "pe",
  "requiredOneOf": [
    "text",
    "type",
    "original-filename",
    "internal-filename",
    "entrypoint-address",
    "imphash",
    "impfuzzy"
  ],
  "uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
  "version": 7
}
Add PE object 2017-03-09 14:14:36 +01:00			`{`
			`"attributes": {`
chg: Update objects to match lief output for authenticode 2021-01-19 15:38:31 +01:00			`"authentihash": {`
			`"description": "Authenticode executable signature hash (sha256)",`
			`"misp-attribute": "authentihash",`
			`"ui-priority": 1`
			`},`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"company-name": {`
			`"description": "CompanyName in the resources",`
			`"disable_correlation": true,`
			`"misp-attribute": "text",`
			`"ui-priority": 0`
correct travis 2017-03-15 11:30:54 +01:00			`},`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"compilation-timestamp": {`
			`"description": "Compilation timestamp defined in the PE header",`
			`"misp-attribute": "datetime",`
			`"ui-priority": 1`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`},`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"entrypoint-address": {`
			`"description": "Address of the entry point",`
			`"disable_correlation": true,`
			`"misp-attribute": "text",`
			`"ui-priority": 0`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`},`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"entrypoint-section-at-position": {`
			`"description": "Name of the section and position of the section in the PE",`
Update PE object 2017-03-14 15:57:05 +01:00			`"disable_correlation": true,`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"misp-attribute": "text",`
			`"ui-priority": 0`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`},`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"file-description": {`
			`"description": "FileDescription in the resources",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"misp-attribute": "text",`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"ui-priority": 0`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`},`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"file-version": {`
			`"description": "FileVersion in the resources",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"misp-attribute": "text",`
			`"ui-priority": 0`
			`},`
			`"impfuzzy": {`
			`"description": "Fuzzy Hash (ssdeep) calculated from the import table",`
			`"misp-attribute": "impfuzzy",`
			`"ui-priority": 0`
Add PE object 2017-03-09 14:14:36 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"imphash": {`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"description": "Hash (md5) calculated from the import table",`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"misp-attribute": "imphash",`
			`"ui-priority": 0`
Add PE object 2017-03-09 14:14:36 +01:00			`},`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"internal-filename": {`
			`"description": "InternalFilename in the resources",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"misp-attribute": "filename",`
			`"ui-priority": 0`
Add PE object 2017-03-09 14:14:36 +01:00			`},`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"lang-id": {`
			`"description": "Lang ID in the resources",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"misp-attribute": "text",`
			`"ui-priority": 0`
Add PE object 2017-03-09 14:14:36 +01:00			`},`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"legal-copyright": {`
			`"description": "LegalCopyright in the resources",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"misp-attribute": "text",`
			`"ui-priority": 0`
Add PE object 2017-03-09 14:14:36 +01:00			`},`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"number-sections": {`
			`"description": "Number of sections",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"misp-attribute": "counter",`
			`"ui-priority": 0`
Add PE object 2017-03-09 14:14:36 +01:00			`},`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"original-filename": {`
			`"description": "OriginalFilename in the resources",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"misp-attribute": "filename",`
			`"ui-priority": 1`
			`},`
			`"pehash": {`
			`"description": "Hash of the structural information about a sample. See https://www.usenix.org/legacy/event/leet09/tech/full_papers/wicherski/wicherski_html/",`
			`"misp-attribute": "pehash",`
			`"ui-priority": 0`
Add PE object 2017-03-09 14:14:36 +01:00			`},`
			`"product-name": {`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"description": "ProductName in the resources",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"misp-attribute": "text",`
			`"ui-priority": 0`
Add PE object 2017-03-09 14:14:36 +01:00			`},`
			`"product-version": {`
Update definitions of binaries 2017-08-29 13:25:58 +02:00			`"description": "ProductVersion in the resources",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"misp-attribute": "text",`
			`"ui-priority": 0`
Update file and pe, add pe-section 2017-03-12 23:06:39 +01:00			`},`
chg: [pe] richpe 2020-08-20 10:39:49 +02:00			`"richpe": {`
			`"description": "RichPE metadata hash",`
			`"misp-attribute": "md5",`
chg: [pe] multiple is true not 1 ;-) 2020-08-20 10:44:41 +02:00			`"multiple": true,`
chg: [pe] richpe 2020-08-20 10:39:49 +02:00			`"ui-priority": 0`
			`},`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"text": {`
			`"description": "Free text value to attach to the PE",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"misp-attribute": "text",`
			`"recommended": false,`
			`"ui-priority": 1`
Update file and pe, add pe-section 2017-03-12 23:06:39 +01:00			`},`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"type": {`
			`"description": "Type of PE",`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"disable_correlation": true,`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"misp-attribute": "text",`
			`"sane_default": [`
			`"exe",`
			`"dll",`
			`"driver",`
			`"unknown"`
			`],`
			`"ui-priority": 1`
Add PE object 2017-03-09 14:14:36 +01:00			`}`
			`},`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"description": "Object describing a Portable Executable",`
			`"meta-category": "file",`
chg: Sort all the entries in the templates by default 2020-04-26 02:10:02 +02:00			`"name": "pe",`
			`"requiredOneOf": [`
			`"text",`
			`"type",`
			`"original-filename",`
			`"internal-filename",`
			`"entrypoint-address",`
			`"imphash",`
			`"impfuzzy"`
			`],`
misp-usage-frequency updated 2017-07-03 12:17:46 +02:00			`"uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",`
chg: Update objects to match lief output for authenticode 2021-01-19 15:38:31 +01:00			`"version": 7`
chg: [misp-objects] newline newline newline is the evil 2020-08-20 10:53:06 +02:00			`}`