Closed elhoim closed 11 years ago
The Hash entity currently has a primary attribute of hash, and secondary attributes for Additional Hash, Filename, and AV Name. I left the "Additional Hash" open since it allowed people to use the hash they choose. Additionally, the primary attribute is not limited to a certain number of characters, so an analyst should be able to use whichever hash they desire.
Do those notes address your concern?
Yes!
My bad i checked the md5 hash entity under Infrastructure and not the Hash entity under Malware.
No problem. The inclusion of that MD5 hash is actually a mistake, so thanks! :-)
Have only one type of entity to avoid having too many entities.
Rationale: When seeing malware reports, there are often multiple hashes (of different types) given for the same file. It would be great to unify them in a single Entity with multiple attributes (ie: md5/sha-1/etc..).