Open DaveCLowe opened 10 years ago
Great suggestion! I think it's highly likely we'll add this in the next version of the Win Executable File Object.
Renaming title for clarity.
Context: this is useful primarily for malware-related use cases, for capturing a useful hash associated with PE binaries (i.e. in MAEC), which could also serve as a standalone malware indicator (i.e. in STIX).
LOE: Low
Extend the Win_Executable_File_Object type to include a field for recording PE file import hash (imphash) values. https://www.mandiant.com/blog/tracking-malware-import-hashing/
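An added example, not code from this issue or the project: a sketch of how the imphash value that the requested field would hold is derived from a PE import table. It assumes the normalization used by the widely deployed pefile implementation; the function names and the sample import list are constructed for illustration.

```python
import hashlib

# Extensions stripped from the library name before hashing (pefile convention).
_STRIP_EXTS = ("ocx", "sys", "dll")
# pefile resolves ordinals of these libraries to symbol names through lookup
# tables; this sketch does not carry those tables, so it refuses such entries
# instead of producing a hash that would not match other tools.
_ORDINAL_TABLE_LIBS = ("ws2_32", "wsock32", "oleaut32")


def normalize_import(library, symbol):
    """Return the 'lib.func' token for one import table entry.

    symbol is a function name (str) or an import ordinal (int).
    """
    lib = library.lower()
    stem, dot, ext = lib.rpartition(".")
    if dot and ext in _STRIP_EXTS:
        lib = stem
    if isinstance(symbol, int):
        if lib in _ORDINAL_TABLE_LIBS:
            raise ValueError("ordinal lookup table needed for " + lib)
        func = "ord%d" % symbol
    else:
        func = symbol.lower()
    return "%s.%s" % (lib, func)


def imphash(imports):
    """MD5 over the comma-joined tokens, kept in import-table order."""
    tokens = [normalize_import(lib, sym) for lib, sym in imports]
    if not tokens:
        return ""  # no import table, so there is no imphash to record
    return hashlib.md5(",".join(tokens).encode("ascii")).hexdigest()


# Constructed sample: (library, name-or-ordinal) pairs in import-table order.
SAMPLE = [
    ("KERNEL32.dll", "CreateFileA"),
    ("KERNEL32.dll", "WriteFile"),
    ("COMCTL32.DLL", 17),
]

if __name__ == "__main__":
    print(imphash(SAMPLE))
```

Because the tokens are hashed in import-table order, two builds with the same imports in a different order yield different values, which matters when the field is used as a standalone indicator.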