diff --git a/objects/authenticode-signerinfo/definition.json b/objects/authenticode-signerinfo/definition.json index 64d6070..4681592 100644 --- a/objects/authenticode-signerinfo/definition.json +++ b/objects/authenticode-signerinfo/definition.json @@ -5,8 +5,20 @@ "misp-attribute": "text", "ui-priority": 0 }, + "digest-base64": { + "description": "Signature created by the signing certificate’s private key", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, "digest_algorithm": { - "description": "Digest algorithm", + "description": "Algorithm used to hash the file.", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, + "encryption_algorithm": { + "description": "Algorithm used to encrypt the digest", "disable_correlation": true, "misp-attribute": "text", "ui-priority": 0 @@ -22,6 +34,12 @@ "misp-attribute": "text", "ui-priority": 0 }, + "serial-number": { + "description": "Serial number of the certificate", + "disable_correlation": true, + "misp-attribute": "text", + "ui-priority": 0 + }, "signature_algorithm": { "description": "Signature algorithm", "disable_correlation": true, @@ -55,8 +73,9 @@ "name": "authenticode-signerinfo", "requiredOneOf": [ "url", - "program-name" + "program-name", + "issuer" ], "uuid": "965cb0aa-baf1-4cc6-9070-68f5c1698c1e", - "version": 1 + "version": 2 } \ No newline at end of file diff --git a/objects/pe/definition.json b/objects/pe/definition.json index fba3a8d..ae89b65 100644 --- a/objects/pe/definition.json +++ b/objects/pe/definition.json @@ -1,5 +1,10 @@ { "attributes": { + "authentihash": { + "description": "Authenticode executable signature hash (sha256)", + "misp-attribute": "authentihash", + "ui-priority": 1 + }, "company-name": { "description": "CompanyName in the resources", "disable_correlation": true, @@ -131,5 +136,5 @@ "impfuzzy" ], "uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07", - "version": 6 + "version": 7 } \ No newline at end of file