From e931bbbd1cd833d63c24de5101b2cceab4f029d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Thu, 9 Mar 2017 14:14:36 +0100
Subject: [PATCH] Add PE object
---
objects/pe/definition.json | 65 ++++++++++++++++++++++++++++++++++++++
1 file changed, 65 insertions(+)
create mode 100644 objects/pe/definition.json
diff --git a/objects/pe/definition.json b/objects/pe/definition.json
new file mode 100644
index 0000000..f015a64
--- /dev/null
+++ b/objects/pe/definition.json
@@ -0,0 +1,65 @@
+{
+ "name": "pe",
+ "meta-category": "file",
+ "description": "Object describing a Portable Executable",
+ "version": 1,
+ "attributes": {
+ "imphash": {
+ "misp-attribute": "imphash",
+ "misp-usage-frequency": 0
+ },
+ "text": {
+ "misp-attribute": "text",
+ "misp-usage-frequency": 1
+ },
+ "original-filename": {
+ "misp-attribute": "original-filename",
+ "misp-usage-frequency": 1
+ },
+ "internal-filename": {
+ "misp-attribute": "original-filename",
+ "misp-usage-frequency": 0
+ },
+ "compilation-timestamp": {
+ "misp-attribute": "datetime",
+ "misp-usage-frequency": 1
+ },
+ "entropy": {
+ "misp-attribute": "float",
+ "misp-usage-frequency": 0
+ },
+ "entrypoint-section": {
+ "misp-attribute": "text",
+ "misp-usage-frequency": 0
+ },
+ "entrypoint-address": {
+ "misp-attribute": "text",
+ "misp-usage-frequency": 0
+ },
+ "file-description": {
+ "misp-attribute": "text",
+ "misp-usage-frequency": 0
+ },
+ "file-version": {
+ "misp-attribute": "text",
+ "misp-usage-frequency": 0
+ },
+ "lang-id": {
+ "misp-attribute": "text",
+ "misp-usage-frequency": 0
+ },
+ "product-name": {
+ "misp-attribute": "text",
+ "misp-usage-frequency": 0
+ },
+ "product-version": {
+ "misp-attribute": "text",
+ "misp-usage-frequency": 0
+ }
+ },
+ "requiredOneOf": [
+ "text",
+ "original-filename",
+ "internal-filename"
+ ]
+}
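Review bot: `internal-filename` is declared with `"misp-attribute": "original-filename"`, the same type as the `original-filename` entry directly above it, which looks like a copy-paste. Any consumer that correlates or exports by attribute type would then treat the two version-info fields as one; if that is not intended, a separate type such as `"misp-attribute": "filename"` would keep them apart. Separately, `requiredOneOf` lists only `text` and the two filename fields, so an object carrying just an `imphash` would presumably not validate while one holding only free text would; consider `"requiredOneOf": ["text", "original-filename", "internal-filename", "imphash"]`. The format has no comments, so the caveat that `compilation-timestamp` and the version-info strings are set by whoever built the binary, and can be forged, would have to go in a description string (per attribute, if the object schema allows one).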