From 8587b1a71b3f9c1d74d1910eaaec1d293c33b229 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Tue, 9 Feb 2016 21:04:39 +0100
Subject: [PATCH] First version of the file object
---
objects/file/definition.json | 72 ++++++++++++++++++++++++++++++++++++
1 file changed, 72 insertions(+)
create mode 100644 objects/file/definition.json
diff --git a/objects/file/definition.json b/objects/file/definition.json
new file mode 100644
index 0000000..4f650a9
--- /dev/null
+++ b/objects/file/definition.json
@@ -0,0 +1,72 @@
+{
+ "name": "file",
+ "meta-category": "file",
+ "description": "File object describing a file with meta-information",
+ "version": 1,
+ "attributes" :
+ {
+ "filename": {
+ "misp-attribute": "filename",
+ "misp-usage-frequency": 1,
+ "categories": ["Payload delivery","Artifacts dropped","Payload installation","External analysis"]
+ },
+ "size-in-bytes": {
+ "misp-attribute": "size-in-bytes",
+ "misp-usage-frequency": 0
+ },
+ "authentihash": {
+ "misp-attribute": "authentihash",
+ "misp-usage-frequency": 0
+ },
+ "ssdeep": {
+ "misp-attribute": "ssdeep",
+ "misp-usage-frequency": 0
+ },
+ "imphash": {
+ "misp-attribute": "imphash",
+ "misp-usage-frequency": 0
+ },
+ "pehash": {
+ "misp-attribute": "pehash",
+ "misp-usage-frequency": 0
+ },
+ "sha-224": {
+ "misp-attribute": "sha-224",
+ "misp-usage-frequency": 0
+ },
+ "sha-384": {
+ "misp-attribute": "sha-384",
+ "misp-usage-frequency": 0
+ },
+ "sha-512": {
+ "misp-attribute": "sha-512",
+ "misp-usage-frequency": 0
+ },
+ "sha-512/224": {
+ "misp-attribute": "sha-512/224",
+ "misp-usage-frequency": 0
+ },
+ "sha-512/256": {
+ "misp-attribute": "sha-512/256",
+ "misp-usage-frequency": 0
+ },
+ "tlsh": {
+ "misp-attribute": "tlsh",
+ "misp-usage-frequency": 0
+ },
+ "md5": {
+ "misp-attribute": "md5",
+ "misp-usage-frequency": 1
+ },
+ "sha1": {
+ "misp-attribute": "sha1",
+ "misp-usage-frequency": 1
+ },
+ "sha256": {
+ "misp-attribute": "sha256",
+ "misp-usage-frequency": 1
+ }
+
+ },
+ "requiredOneOf": ["filename", "size-in-bytes", "authentihash", "ssdeep", "imphash", "pehash", "sha-224", "sha-384", "sha-512", "sha-512/224", "sha-512/256", "tlsh", "md5", "sha1", "sha256"]
+}
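Review bot: The `misp-attribute` values for the SHA-2 variants are spelled with a hyphen (`"sha-224"`, `"sha-384"`, `"sha-512"`, `"sha-512/224"`, `"sha-512/256"`) while `"sha1"` and `"sha256"` in the same file are not, so these five probably do not resolve to an existing MISP attribute type. I would expect the unhyphenated form, e.g. `"misp-attribute": "sha224"`, and likewise for the other four and their entries in `requiredOneOf`; please confirm against the attribute type list. Separately, `requiredOneOf` accepts `"size-in-bytes"` on its own, so an object that carries neither a hash nor a name still validates and gives consumers nothing reliable to match or correlate on; consider dropping it from that list. Only `filename` declares `categories`; if the other attributes rely on a default category, that should be stated in the object format documentation.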