mirror of https://github.com/MISP/misp-objects
135 lines
3.7 KiB
JSON
135 lines
3.7 KiB
JSON
{
|
|
"attributes": {
|
|
"company-name": {
|
|
"description": "CompanyName in the resources",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "text",
|
|
"ui-priority": 0
|
|
},
|
|
"compilation-timestamp": {
|
|
"description": "Compilation timestamp defined in the PE header",
|
|
"misp-attribute": "datetime",
|
|
"ui-priority": 1
|
|
},
|
|
"entrypoint-address": {
|
|
"description": "Address of the entry point",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "text",
|
|
"ui-priority": 0
|
|
},
|
|
"entrypoint-section-at-position": {
|
|
"description": "Name of the section and position of the section in the PE",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "text",
|
|
"ui-priority": 0
|
|
},
|
|
"file-description": {
|
|
"description": "FileDescription in the resources",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "text",
|
|
"ui-priority": 0
|
|
},
|
|
"file-version": {
|
|
"description": "FileVersion in the resources",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "text",
|
|
"ui-priority": 0
|
|
},
|
|
"impfuzzy": {
|
|
"description": "Fuzzy Hash (ssdeep) calculated from the import table",
|
|
"misp-attribute": "impfuzzy",
|
|
"ui-priority": 0
|
|
},
|
|
"imphash": {
|
|
"description": "Hash (md5) calculated from the import table",
|
|
"misp-attribute": "imphash",
|
|
"ui-priority": 0
|
|
},
|
|
"internal-filename": {
|
|
"description": "InternalFilename in the resources",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "filename",
|
|
"ui-priority": 0
|
|
},
|
|
"lang-id": {
|
|
"description": "Lang ID in the resources",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "text",
|
|
"ui-priority": 0
|
|
},
|
|
"legal-copyright": {
|
|
"description": "LegalCopyright in the resources",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "text",
|
|
"ui-priority": 0
|
|
},
|
|
"number-sections": {
|
|
"description": "Number of sections",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "counter",
|
|
"ui-priority": 0
|
|
},
|
|
"original-filename": {
|
|
"description": "OriginalFilename in the resources",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "filename",
|
|
"ui-priority": 1
|
|
},
|
|
"pehash": {
|
|
"description": "Hash of the structural information about a sample. See https://www.usenix.org/legacy/event/leet09/tech/full_papers/wicherski/wicherski_html/",
|
|
"misp-attribute": "pehash",
|
|
"ui-priority": 0
|
|
},
|
|
"product-name": {
|
|
"description": "ProductName in the resources",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "text",
|
|
"ui-priority": 0
|
|
},
|
|
"product-version": {
|
|
"description": "ProductVersion in the resources",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "text",
|
|
"ui-priority": 0
|
|
},
|
|
"richpe": {
|
|
"description": "RichPE metadata hash",
|
|
"misp-attribute": "md5",
|
|
"multiple": true,
|
|
"ui-priority": 0
|
|
},
|
|
"text": {
|
|
"description": "Free text value to attach to the PE",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "text",
|
|
"recommended": false,
|
|
"ui-priority": 1
|
|
},
|
|
"type": {
|
|
"description": "Type of PE",
|
|
"disable_correlation": true,
|
|
"misp-attribute": "text",
|
|
"sane_default": [
|
|
"exe",
|
|
"dll",
|
|
"driver",
|
|
"unknown"
|
|
],
|
|
"ui-priority": 1
|
|
}
|
|
},
|
|
"description": "Object describing a Portable Executable",
|
|
"meta-category": "file",
|
|
"name": "pe",
|
|
"requiredOneOf": [
|
|
"text",
|
|
"type",
|
|
"original-filename",
|
|
"internal-filename",
|
|
"entrypoint-address",
|
|
"imphash",
|
|
"impfuzzy"
|
|
],
|
|
"uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
|
|
"version": 6
|
|
} |