digital4rensics / Malformity

Malformity is a Maltego project based on the Canari framework for malicious binary and infrastructure research.

Unified hash entity #20

Closed elhoim closed 11 years ago

elhoim commented 11 years ago

Have only one type of entity to avoid having too many entities.

Rationale: When seeing malware reports, there are often multiple hashes (of different types) given for the same file. It would be great to unify them in a single Entity with multiple attributes (i.e., md5/sha-1/etc.).

digital4rensics commented 11 years ago

The Hash entity currently has a primary attribute of hash, and secondary attributes for Additional Hash, Filename, and AV Name. I left the "Additional Hash" open since it allowed people to use the hash they choose. Additionally, the primary attribute is not limited to a certain number of characters, so an analyst should be able to use whichever hash they desire.

Do those notes address your concern?

elhoim commented 11 years ago

Yes!

My bad, I checked the md5 hash entity under Infrastructure and not the Hash entity under Malware.

digital4rensics commented 11 years ago

No problem. The inclusion of that MD5 hash is actually a mistake, so thanks! :-)