From 1e14201fc03dd93a78e645a478be5c842be2097c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Tue, 19 Jan 2021 15:38:31 +0100
Subject: [PATCH] chg: Update objects to match lief output for authenticode

---
 .../authenticode-signerinfo/definition.json | 25 ++++++++++++++++---
 objects/pe/definition.json | 7 +++++-
 2 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/objects/authenticode-signerinfo/definition.json b/objects/authenticode-signerinfo/definition.json
index 64d6070..4681592 100644
--- a/objects/authenticode-signerinfo/definition.json
+++ b/objects/authenticode-signerinfo/definition.json
@@ -5,8 +5,20 @@
 "misp-attribute": "text",
 "ui-priority": 0
 },
+ "digest-base64": {
+ "description": "Signature created by the signing certificate’s private key",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
 "digest_algorithm": {
- "description": "Digest algorithm",
+ "description": "Algorithm used to hash the file.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "encryption_algorithm": {
+ "description": "Algorithm used to encrypt the digest",
 "disable_correlation": true,
 "misp-attribute": "text",
 "ui-priority": 0
@@ -22,6 +34,12 @@
 "misp-attribute": "text",
 "ui-priority": 0
 },
+ "serial-number": {
+ "description": "Serial number of the certificate",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
 "signature_algorithm": {
 "description": "Signature algorithm",
 "disable_correlation": true,
@@ -55,8 +73,9 @@
 "name": "authenticode-signerinfo",
 "requiredOneOf": [
 "url",
- "program-name"
+ "program-name",
+ "issuer"
 ],
 "uuid": "965cb0aa-baf1-4cc6-9070-68f5c1698c1e",
- "version": 1
+ "version": 2
 }
\ No newline at end of file
diff --git a/objects/pe/definition.json b/objects/pe/definition.json
index fba3a8d..ae89b65 100644
--- a/objects/pe/definition.json
+++ b/objects/pe/definition.json
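Review bot: In the first hunk of `objects/authenticode-signerinfo/definition.json`, the new `digest-base64` key is named as a digest while its description says it holds the signature produced with the certificate's private key, so an analyst reading only the key is likely to mistake it for the file hash. Renaming the key could break consumers, so the description should carry the distinction, e.g. `"description": "Signature value (encrypted digest) from the SignerInfo, base64-encoded; not the file hash"`. The same hunk adds `encryption_algorithm` as "Algorithm used to encrypt the digest", which appears to overlap with the existing `signature_algorithm` attribute seen in the next hunk; one line in each description saying which structure the value is read from would remove the ambiguity. The hyphenated `digest-base64` also sits next to underscore-style `digest_algorithm` and `encryption_algorithm` in the same object.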
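Review bot: In the second hunk of `objects/authenticode-signerinfo/definition.json`, `serial-number` is added with `"disable_correlation": true`, so two samples signed with the same certificate will not be linked on this field, although a reused or stolen signing certificate is one of the more useful pivots this object can provide. If that is deliberate because a serial number is only unique per issuer, say so in the text, e.g. `"description": "Serial number of the signer certificate (unique only per issuer)"`; otherwise consider dropping the `disable_correlation` line for this attribute. The `signature_algorithm` entry that follows runs past the end of the hunk.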
@@ -1,5 +1,10 @@
 {
 "attributes": {
+ "authentihash": {
+ "description": "Authenticode executable signature hash (sha256)",
+ "misp-attribute": "authentihash",
+ "ui-priority": 1
+ },
 "company-name": {
 "description": "CompanyName in the resources",
 "disable_correlation": true,
@@ -131,5 +136,5 @@
 "impfuzzy"
 ],
 "uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
- "version": 6
+ "version": 7
 }
\ No newline at end of file
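Review bot: The `authentihash` description in the first hunk of `objects/pe/definition.json`, "Authenticode executable signature hash (sha256)", reads as if the value came from a verified signature, but an Authenticode digest can be computed for any PE whether or not it is signed, so the attribute's presence should not be taken as evidence of a valid signature. Suggested wording: `"description": "Authenticode digest of the PE image (SHA-256); computed regardless of whether the file carries a valid signature"`. Because the description pins SHA-256, the generator presumably has to request that algorithm explicitly rather than reuse the digest algorithm recorded in the signature, otherwise values from different producers will not correlate; worth confirming against the lief-based exporter. The `company-name` entry continues outside the hunk.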