-
Notifications
You must be signed in to change notification settings - Fork 131
Expand file tree
/
Copy pathdefinition.json
More file actions
83 lines (83 loc) · 3.09 KB
/
definition.json
File metadata and controls
83 lines (83 loc) · 3.09 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
{
"attributes": {
"decryption_key": {
"description": "Specifies the decryption key for the encrypted binary data (either via payload_bin or url). For example, this may be useful in cases of sharing malware samples, which are often encoded in an encrypted archive.",
"misp-attribute": "text",
"ui-priority": 0
},
"encryption_algorithm": {
"description": "If the artifact is encrypted, specifies the type of encryption algorithm the binary data (either via payload_bin or url) is encoded in.",
"misp-attribute": "text",
"ui-priority": 0
},
"md5": {
"description": "[Insecure] MD5 hash (128 bits)",
"misp-attribute": "md5",
"recommended": false,
"ui-priority": 1
},
"mime_type": {
"description": "Whenever feasible, this value SHOULD be one of the values defined in the Template column in the IANA media type registry [Media Types]. Maintaining a comprehensive universal catalog of all extant file types is obviously not possible. When specifying a MIME Type not included in the IANA registry, implementers should use their best judgement so as to facilitate interoperability.",
"disable_correlation": true,
"misp-attribute": "mime-type",
"ui-priority": 0
},
"payload_bin": {
"description": "Specifies the binary data contained in the artifact as a base64-encoded string.",
"misp-attribute": "attachment",
"ui-priority": 0
},
"sha1": {
"description": "[Insecure] Secure Hash Algorithm 1 (160 bits)",
"misp-attribute": "sha1",
"recommended": false,
"ui-priority": 1
},
"sha256": {
"description": "Secure Hash Algorithm 2 (256 bits)",
"misp-attribute": "sha256",
"ui-priority": 1
},
"sha3-256": {
"description": "Secure Hash Algorithm 3 (256 bits)",
"misp-attribute": "sha3-256",
"recommended": false,
"ui-priority": 0
},
"sha3-512": {
"description": "Secure Hash Algorithm 3 (512 bits)",
"misp-attribute": "sha3-512",
"recommended": false,
"ui-priority": 0
},
"sha512": {
"description": "Secure Hash Algorithm 2 (512 bits)",
"misp-attribute": "sha512",
"ui-priority": 1
},
"ssdeep": {
"description": "Fuzzy hash using context triggered piecewise hashes (CTPH)",
"misp-attribute": "ssdeep",
"ui-priority": 0
},
"tlsh": {
"description": "Fuzzy hash by Trend Micro: Locality Sensitive Hash",
"misp-attribute": "tlsh",
"ui-priority": 0
},
"url": {
"description": "The value of this property MUST be a valid URL that resolves to the unencoded content. When present, at least one hash value MUST be present too.",
"misp-attribute": "url",
"ui-priority": 0
}
},
"description": "The Artifact object permits capturing an array of bytes (8-bits), as a base64-encoded string, or linking to a file-like payload. From STIX 2.1 (6.1)",
"meta-category": "file",
"name": "artifact",
"requiredOneOf": [
"payload_bin",
"url"
],
"uuid": "0a46df3a-bd9b-472c-a1e7-6aede7094483",
"version": 3
}