Skip to content

Commit a755d50

Browse files
RafiotRafiot
committed
Update file and pe, add pe-section
1 parent e931bbb commit a755d50

File tree

3 files changed

+81
-34
lines changed

3 files changed

+81
-34
lines changed

objects/file/definition.json

Lines changed: 19 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -26,32 +26,28 @@
2626
"misp-attribute": "ssdeep",
2727
"misp-usage-frequency": 0
2828
},
29-
"imphash": {
30-
"misp-attribute": "imphash",
31-
"misp-usage-frequency": 0
32-
},
3329
"pehash": {
3430
"misp-attribute": "pehash",
3531
"misp-usage-frequency": 0
3632
},
37-
"sha-224": {
38-
"misp-attribute": "sha-224",
33+
"sha224": {
34+
"misp-attribute": "sha224",
3935
"misp-usage-frequency": 0
4036
},
41-
"sha-384": {
42-
"misp-attribute": "sha-384",
37+
"sha384": {
38+
"misp-attribute": "sha384",
4339
"misp-usage-frequency": 0
4440
},
45-
"sha-512": {
46-
"misp-attribute": "sha-512",
41+
"sha512": {
42+
"misp-attribute": "sha512",
4743
"misp-usage-frequency": 0
4844
},
49-
"sha-512/224": {
50-
"misp-attribute": "sha-512/224",
45+
"sha512/224": {
46+
"misp-attribute": "sha512/224",
5147
"misp-usage-frequency": 0
5248
},
53-
"sha-512/256": {
54-
"misp-attribute": "sha-512/256",
49+
"sha512/256": {
50+
"misp-attribute": "sha512/256",
5551
"misp-usage-frequency": 0
5652
},
5753
"tlsh": {
@@ -70,6 +66,10 @@
7066
"misp-attribute": "sha256",
7167
"misp-usage-frequency": 1
7268
},
69+
"entropy": {
70+
"misp-attribute": "float",
71+
"misp-usage-frequency": 1
72+
},
7373
"pattern-in-file": {
7474
"misp-attribute": "pattern-in-file",
7575
"misp-usage-frequency": 1,
@@ -82,14 +82,6 @@
8282
"text": {
8383
"misp-attribute": "text",
8484
"misp-usage-frequency": 1
85-
},
86-
"original-filename": {
87-
"misp-attribute": "original-filename",
88-
"misp-usage-frequency": 0
89-
},
90-
"compilation-timestamp": {
91-
"misp-attribute": "compilation-timestamp",
92-
"misp-usage-frequency": 0
9385
}
9486
},
9587
"requiredOneOf": [
@@ -99,11 +91,11 @@
9991
"ssdeep",
10092
"imphash",
10193
"pehash",
102-
"sha-224",
103-
"sha-384",
104-
"sha-512",
105-
"sha-512/224",
106-
"sha-512/256",
94+
"sha224",
95+
"sha384",
96+
"sha512",
97+
"sha512/224",
98+
"sha512/256",
10799
"tlsh",
108100
"md5",
109101
"sha1",

objects/pe-section/definition.json

Lines changed: 47 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,47 @@
1+
{
2+
"name": "pe-section",
3+
"meta-category": "file",
4+
"description": "Object describing a section of a Portable Executable",
5+
"version": 1,
6+
"attributes": {
7+
"name": {
8+
"misp-attribute": "text",
9+
"misp-usage-frequency": 1
10+
},
11+
"text": {
12+
"misp-attribute": "text",
13+
"misp-usage-frequency": 1
14+
},
15+
"size-in-bytes": {
16+
"misp-attribute": "size-in-bytes",
17+
"misp-usage-frequency": 1
18+
},
19+
"entropy": {
20+
"misp-attribute": "float",
21+
"misp-usage-frequency": 0
22+
},
23+
"md5": {
24+
"misp-attribute": "md5",
25+
"misp-usage-frequency": 1
26+
},
27+
"sha1": {
28+
"misp-attribute": "sha1",
29+
"misp-usage-frequency": 0
30+
},
31+
"sha256": {
32+
"misp-attribute": "sha256",
33+
"misp-usage-frequency": 0
34+
},
35+
"sha512": {
36+
"misp-attribute": "sha512",
37+
"misp-usage-frequency": 0
38+
}
39+
},
40+
"requiredOneOf": [
41+
"text",
42+
"name",
43+
"sha1",
44+
"sha256",
45+
"sha512"
46+
]
47+
}

objects/pe/definition.json

Lines changed: 15 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -13,22 +13,18 @@
1313
"misp-usage-frequency": 1
1414
},
1515
"original-filename": {
16-
"misp-attribute": "original-filename",
16+
"misp-attribute": "text",
1717
"misp-usage-frequency": 1
1818
},
1919
"internal-filename": {
20-
"misp-attribute": "original-filename",
20+
"misp-attribute": "text",
2121
"misp-usage-frequency": 0
2222
},
2323
"compilation-timestamp": {
2424
"misp-attribute": "datetime",
2525
"misp-usage-frequency": 1
2626
},
27-
"entropy": {
28-
"misp-attribute": "float",
29-
"misp-usage-frequency": 0
30-
},
31-
"entrypoint-section": {
27+
"entrypoint-section|position": {
3228
"misp-attribute": "text",
3329
"misp-usage-frequency": 0
3430
},
@@ -55,6 +51,18 @@
5551
"product-version": {
5652
"misp-attribute": "text",
5753
"misp-usage-frequency": 0
54+
},
55+
"company-name": {
56+
"misp-attribute": "text",
57+
"misp-usage-frequency": 0
58+
},
59+
"legal-copyright": {
60+
"misp-attribute": "text",
61+
"misp-usage-frequency": 0
62+
},
63+
"pe-type": {
64+
"misp-attribute": "text",
65+
"misp-usage-frequency": 0
5866
}
5967
},
6068
"requiredOneOf": [

0 commit comments

Comments
 (0)