{ "attributes": { "access-time": { "description": "The last time the file was accessed", "misp-attribute": "datetime", "ui-priority": 0 }, "attachment": { "description": "A non-malicious file.", "misp-attribute": "attachment", "ui-priority": 1 }, "authentihash": { "description": "Authenticode executable signature hash", "misp-attribute": "authentihash", "recommended": false, "ui-priority": 0 }, "certificate": { "description": "Certificate value if the binary is signed with another authentication scheme than authenticode", "misp-attribute": "x509-fingerprint-sha1", "ui-priority": 0 }, "compilation-timestamp": { "description": "Compilation timestamp", "misp-attribute": "datetime", "ui-priority": 0 }, "creation-time": { "description": "Creation time of the file", "misp-attribute": "datetime", "ui-priority": 0 }, "dom-hash": { "description": "Dom-hash of the file", "misp-attribute": "dom-hash", "ui-priority": 0 }, "entropy": { "description": "Entropy of the whole file", "disable_correlation": true, "misp-attribute": "float", "ui-priority": 1 }, "file-encoding": { "description": "Encoding format of the file", "disable_correlation": true, "misp-attribute": "text", "sane_default": [ "Adobe-Standard-Encoding", "Adobe-Symbol-Encoding", "Amiga-1251", "ANSI_X3.110-1983", "ASMO_449", "Big5", "Big5-HKSCS", "BOCU-1", "BRF", "BS_4730", "BS_viewdata", "CESU-8", "CP50220", "CP51932", "CSA_Z243.4-1985-1", "CSA_Z243.4-1985-2", "CSA_Z243.4-1985-gr", "CSN_369103", "DEC-MCS", "DIN_66003", "dk-us", "DS_2089", "EBCDIC-AT-DE", "EBCDIC-AT-DE-A", "EBCDIC-CA-FR", "EBCDIC-DK-NO", "EBCDIC-DK-NO-A", "EBCDIC-ES", "EBCDIC-ES-A", "EBCDIC-ES-S", "EBCDIC-FI-SE", "EBCDIC-FI-SE-A", "EBCDIC-FR", "EBCDIC-IT", "EBCDIC-PT", "EBCDIC-UK", "EBCDIC-US", "ECMA-cyrillic", "ES", "ES2", "EUC-KR", "Extended_UNIX_Code_Fixed_Width_for_Japanese", "Extended_UNIX_Code_Packed_Format_for_Japanese", "GB18030", "GB_1988-80", "GB2312", "GB_2312-80", "GBK", "GOST_19768-74", "greek7", "greek7-old", "greek-ccitt", "HP-DeskTop", "HP-Legal", "HP-Math8", "HP-Pi-font", "hp-roman8", "HZ-GB-2312", "IBM00858", "IBM00924", "IBM01140", "IBM01141", "IBM01142", "IBM01143", "IBM01144", "IBM01145", "IBM01146", "IBM01147", "IBM01148", "IBM01149", "IBM037", "IBM038", "IBM1026", "IBM1047", "IBM273", "IBM274", "IBM275", "IBM277", "IBM278", "IBM280", "IBM281", "IBM284", "IBM285", "IBM290", "IBM297", "IBM420", "IBM423", "IBM424", "IBM437", "IBM500", "IBM775", "IBM850", "IBM851", "IBM852", "IBM855", "IBM857", "IBM860", "IBM861", "IBM862", "IBM863", "IBM864", "IBM865", "IBM866", "IBM868", "IBM869", "IBM870", "IBM871", "IBM880", "IBM891", "IBM903", "IBM904", "IBM905", "IBM918", "IBM-Symbols", "IBM-Thai", "IEC_P27-1", "INIS", "INIS-8", "INIS-cyrillic", "INVARIANT", "ISO_10367-box", "ISO-10646-J-1", "ISO-10646-UCS-2", "ISO-10646-UCS-4", "ISO-10646-UCS-Basic", "ISO-10646-Unicode-Latin1", "ISO-10646-UTF-1", "ISO-11548-1", "ISO-2022-CN", "ISO-2022-CN-EXT", "ISO-2022-JP", "ISO-2022-JP-2", "ISO-2022-KR", "ISO_2033-1983", "ISO_5427", "ISO_5427:1981", "ISO_5428:1980", "ISO_646.basic:1983", "ISO_646.irv:1983", "ISO_6937-2-25", "ISO_6937-2-add", "ISO-8859-10", "ISO_8859-1:1987", "ISO-8859-13", "ISO-8859-14", "ISO-8859-15", "ISO-8859-16", "ISO-8859-1-Windows-3.0-Latin-1", "ISO-8859-1-Windows-3.1-Latin-1", "ISO_8859-2:1987", "ISO-8859-2-Windows-Latin-2", "ISO_8859-3:1988", "ISO_8859-4:1988", "ISO_8859-5:1988", "ISO_8859-6:1987", "ISO_8859-6-E", "ISO_8859-6-I", "ISO_8859-7:1987", "ISO_8859-8:1988", "ISO_8859-8-E", "ISO_8859-8-I", "ISO_8859-9:1989", "ISO-8859-9-Windows-Latin-5", "ISO_8859-supp", "iso-ir-90", "ISO-Unicode-IBM-1261", "ISO-Unicode-IBM-1264", "ISO-Unicode-IBM-1265", "ISO-Unicode-IBM-1268", "ISO-Unicode-IBM-1276", "IT", "JIS_C6220-1969-jp", "JIS_C6220-1969-ro", "JIS_C6226-1978", "JIS_C6226-1983", "JIS_C6229-1984-a", "JIS_C6229-1984-b", "JIS_C6229-1984-b-add", "JIS_C6229-1984-hand", "JIS_C6229-1984-hand-add", "JIS_C6229-1984-kana", "JIS_Encoding", "JIS_X0201", "JIS_X0212-1990", "JUS_I.B1.002", "JUS_I.B1.003-mac", "JUS_I.B1.003-serb", "KOI7-switched", "KOI8-R", "KOI8-U", "KS_C_5601-1987", "KSC5636", "KZ-1048", "latin-greek", "Latin-greek-1", "latin-lap", "macintosh", "Microsoft-Publishing", "MNEM", "MNEMONIC", "MSZ_7795.3", "Name", "NATS-DANO", "NATS-DANO-ADD", "NATS-SEFI", "NATS-SEFI-ADD", "NC_NC00-10:81", "NF_Z_62-010", "NF_Z_62-010_(1973)", "NS_4551-1", "NS_4551-2", "OSD_EBCDIC_DF03_IRV", "OSD_EBCDIC_DF04_1", "OSD_EBCDIC_DF04_15", "PC8-Danish-Norwegian", "PC8-Turkish", "PT", "PT2", "PTCP154", "SCSU", "SEN_850200_B", "SEN_850200_C", "Shift_JIS", "T.101-G2", "T.61-7bit", "T.61-8bit", "TIS-620", "TSCII", "UNICODE-1-1", "UNICODE-1-1-UTF-7", "UNKNOWN-8BIT", "US-ASCII", "us-dk", "UTF-16", "UTF-16BE", "UTF-16LE", "UTF-32", "UTF-32BE", "UTF-32LE", "UTF-7", "UTF-8", "Ventura-International", "Ventura-Math", "Ventura-US", "videotex-suppl", "VIQR", "VISCII", "windows-1250", "windows-1251", "windows-1252", "windows-1253", "windows-1254", "windows-1255", "windows-1256", "windows-1257", "windows-1258", "Windows-31J", "windows-874" ], "ui-priority": 0 }, "filename": { "categories": [ "Payload delivery", "Artifacts dropped", "Payload installation", "External analysis" ], "description": "Filename on disk", "disable_correlation": true, "misp-attribute": "filename", "multiple": true, "ui-priority": 1 }, "fullpath": { "description": "Complete path of the filename including the filename", "misp-attribute": "text", "multiple": true, "ui-priority": 0 }, "imphash": { "description": "Hash (md5) calculated from the PE import table", "misp-attribute": "imphash", "ui-priority": 0 }, "malware-sample": { "description": "The file itself (binary)", "misp-attribute": "malware-sample", "ui-priority": 1 }, "md5": { "description": "[Insecure] MD5 hash (128 bits)", "misp-attribute": "md5", "recommended": false, "ui-priority": 1 }, "mimetype": { "description": "Mime type", "disable_correlation": true, "misp-attribute": "mime-type", "ui-priority": 0 }, "modification-time": { "description": "Last time the file was modified", "misp-attribute": "datetime", "ui-priority": 0 }, "path": { "description": "Path of the filename complete or partial", "disable_correlation": true, "misp-attribute": "text", "multiple": true, "ui-priority": 0 }, "pattern-in-file": { "categories": [ "Artifacts dropped", "Payload installation", "External analysis" ], "description": "Pattern that can be found in the file", "misp-attribute": "pattern-in-file", "multiple": true, "ui-priority": 1 }, "sha1": { "description": "[Insecure] Secure Hash Algorithm 1 (160 bits)", "misp-attribute": "sha1", "recommended": false, "ui-priority": 1 }, "sha224": { "description": "Secure Hash Algorithm 2 (224 bits)", "misp-attribute": "sha224", "recommended": false, "ui-priority": 0 }, "sha256": { "description": "Secure Hash Algorithm 2 (256 bits)", "misp-attribute": "sha256", "ui-priority": 1 }, "sha3-224": { "description": "Secure Hash Algorithm 3 (224 bits)", "misp-attribute": "sha3-224", "recommended": false, "ui-priority": 0 }, "sha3-256": { "description": "Secure Hash Algorithm 3 (256 bits)", "misp-attribute": "sha3-256", "recommended": false, "ui-priority": 0 }, "sha3-384": { "description": "Secure Hash Algorithm 3 (384 bits)", "misp-attribute": "sha3-384", "recommended": false, "ui-priority": 0 }, "sha3-512": { "description": "Secure Hash Algorithm 3 (512 bits)", "misp-attribute": "sha3-512", "recommended": false, "ui-priority": 0 }, "sha384": { "description": "Secure Hash Algorithm 2 (384 bits)", "misp-attribute": "sha384", "recommended": false, "ui-priority": 0 }, "sha512": { "description": "Secure Hash Algorithm 2 (512 bits)", "misp-attribute": "sha512", "ui-priority": 1 }, "sha512/224": { "description": "Secure Hash Algorithm 2 (224 bits)", "misp-attribute": "sha512/224", "recommended": false, "ui-priority": 0 }, "sha512/256": { "description": "Secure Hash Algorithm 2 (256 bits)", "misp-attribute": "sha512/256", "recommended": false, "ui-priority": 0 }, "size-in-bytes": { "description": "Size of the file, in bytes", "disable_correlation": true, "misp-attribute": "size-in-bytes", "ui-priority": 0 }, "ssdeep": { "description": "Fuzzy hash using context triggered piecewise hashes (CTPH)", "misp-attribute": "ssdeep", "ui-priority": 0 }, "state": { "description": "State of the file", "disable_correlation": true, "misp-attribute": "text", "multiple": true, "ui-priority": 0, "values_list": [ "Malicious", "Harmless", "Signed", "Revoked", "Expired", "Trusted" ] }, "telfhash": { "description": "telfhash - Symbol hash for ELF files.", "misp-attribute": "telfhash", "ui-priority": 0 }, "text": { "description": "Free text value to attach to the file", "disable_correlation": true, "misp-attribute": "text", "multiple": true, "recommended": false, "ui-priority": 1 }, "tlsh": { "description": "Fuzzy hash by Trend Micro: Locality Sensitive Hash", "misp-attribute": "tlsh", "ui-priority": 0 }, "vhash": { "description": "vhash by VirusTotal", "misp-attribute": "vhash", "ui-priority": 0 } }, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "requiredOneOf": [ "filename", "size-in-bytes", "authentihash", "ssdeep", "md5", "sha1", "sha224", "sha256", "sha384", "sha512", "sha512/224", "sha512/256", "sha3-224", "sha3-256", "sha3-384", "sha3-512", "tlsh", "telfhash", "imphash", "pattern-in-file", "certificate", "malware-sample", "attachment", "path", "fullpath" ], "uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "version": 25 }