STIX Wiki

File

The File object represents the properties of a file. A File object MUST contain at least one of hashes or name.

TODO: Add extensions TODO: Add examples

Properties

Required Common Properties

typeid

Optional Common Properties

spec_versionobject_marking_refsgranular_markingsdefangedextensions

Not Applicable

created_by_refrevokedlabelsconfidencelangexternal_references

File Specific

extensionshashessizenamename_encmagic_number_hexmime_typectimemtimeatimeparent_directory_refcontains_refscontent_ref

Property	Type	Description
`type`optional	`string`	The value of this property MUST be `file`.
`extensions`optional		The File Object defines the following extensions. In addition to these, producers MAY create their own. Extensions: ntfs-ext, raster-image-ext, pdf-ext, archive-ext, windows-pebinary-ext
`hashes`optional	`object`	Specifies a dictionary of hashes for the file.
`size`optional	`integer`	Specifies the size of the file, in bytes, as a non-negative integer.
`name`optional	`string`	Specifies the name of the file.
`name_enc`optional	`string`	Specifies the observed encoding for the name of the file.
`magic_number_hex`optional	`string`	The hex data type encodes an array of octets (8-bit bytes) as hexadecimal. The string MUST consist of an even number of hexadecimal characters, which are the digits '0' through '9' and the letters 'a' through 'f'. In order to allow pattern matching on custom objects, all properties that use the hex type, the property name MUST end with '_hex'.
`mime_type`optional	`string`	Specifies the MIME type name specified for the file, e.g., 'application/msword'.
`ctime`optional	`string`	Represents timestamps across the CTI specifications. The format is an RFC3339 timestamp, with a required timezone specification of 'Z'.
`mtime`optional	`string`	Represents timestamps across the CTI specifications. The format is an RFC3339 timestamp, with a required timezone specification of 'Z'.
`atime`optional	`string`	Represents timestamps across the CTI specifications. The format is an RFC3339 timestamp, with a required timezone specification of 'Z'.
`parent_directory_ref`optional	`string`	Specifies the parent directory of the file, as a reference to a Directory Object.
`contains_refs`optional	list of `string`	Specifies a list of references to other Observable Objects contained within the file.
`content_ref`optional	`string`	Specifies the content of the file, represented as an Artifact Object.

File

The File object represents the properties of a file. A File object MUST contain at least one of hashes or name.

TODO: Add extensions TODO: Add examples

Properties

Required Common Properties

typeid

Optional Common Properties

spec_versionobject_marking_refsgranular_markingsdefangedextensions

Not Applicable

created_by_refrevokedlabelsconfidencelangexternal_references

File Specific

extensionshashessizenamename_encmagic_number_hexmime_typectimemtimeatimeparent_directory_refcontains_refscontent_ref

Property	Type	Description
`type`optional	`string`	The value of this property MUST be `file`.
`extensions`optional		The File Object defines the following extensions. In addition to these, producers MAY create their own. Extensions: ntfs-ext, raster-image-ext, pdf-ext, archive-ext, windows-pebinary-ext
`hashes`optional	`object`	Specifies a dictionary of hashes for the file.
`size`optional	`integer`	Specifies the size of the file, in bytes, as a non-negative integer.
`name`optional	`string`	Specifies the name of the file.
`name_enc`optional	`string`	Specifies the observed encoding for the name of the file.
`magic_number_hex`optional	`string`	The hex data type encodes an array of octets (8-bit bytes) as hexadecimal. The string MUST consist of an even number of hexadecimal characters, which are the digits '0' through '9' and the letters 'a' through 'f'. In order to allow pattern matching on custom objects, all properties that use the hex type, the property name MUST end with '_hex'.
`mime_type`optional	`string`	Specifies the MIME type name specified for the file, e.g., 'application/msword'.
`ctime`optional	`string`	Represents timestamps across the CTI specifications. The format is an RFC3339 timestamp, with a required timezone specification of 'Z'.
`mtime`optional	`string`	Represents timestamps across the CTI specifications. The format is an RFC3339 timestamp, with a required timezone specification of 'Z'.
`atime`optional	`string`	Represents timestamps across the CTI specifications. The format is an RFC3339 timestamp, with a required timezone specification of 'Z'.
`parent_directory_ref`optional	`string`	Specifies the parent directory of the file, as a reference to a Directory Object.
`contains_refs`optional	list of `string`	Specifies a list of references to other Observable Objects contained within the file.
`content_ref`optional	`string`	Specifies the content of the file, represented as an Artifact Object.

File

Properties

On this page

File

Properties

On this page