2017-03-12 23:06:39 +01:00
|
|
|
|
{
|
|
|
|
|
"attributes": {
|
2020-04-26 02:10:02 +02:00
|
|
|
|
"characteristic": {
|
|
|
|
|
"description": "Characteristic of the section",
|
|
|
|
|
"misp-attribute": "text",
|
|
|
|
|
"sane_default": [
|
|
|
|
|
"read",
|
|
|
|
|
"write",
|
|
|
|
|
"executable"
|
|
|
|
|
],
|
|
|
|
|
"ui-priority": 0
|
|
|
|
|
},
|
|
|
|
|
"entropy": {
|
|
|
|
|
"description": "Entropy of the whole section",
|
|
|
|
|
"disable_correlation": true,
|
|
|
|
|
"misp-attribute": "float",
|
|
|
|
|
"ui-priority": 0
|
|
|
|
|
},
|
2017-08-29 13:25:58 +02:00
|
|
|
|
"md5": {
|
|
|
|
|
"description": "[Insecure] MD5 hash (128 bits)",
|
|
|
|
|
"misp-attribute": "md5",
|
2020-04-26 02:10:02 +02:00
|
|
|
|
"recommended": false,
|
|
|
|
|
"ui-priority": 1
|
|
|
|
|
},
|
|
|
|
|
"name": {
|
|
|
|
|
"description": "Name of the section",
|
|
|
|
|
"disable_correlation": true,
|
|
|
|
|
"misp-attribute": "text",
|
|
|
|
|
"sane_default": [
|
|
|
|
|
".rsrc",
|
|
|
|
|
".reloc",
|
|
|
|
|
".rdata",
|
|
|
|
|
".data",
|
|
|
|
|
".text"
|
|
|
|
|
],
|
|
|
|
|
"ui-priority": 1
|
|
|
|
|
},
|
|
|
|
|
"offset": {
|
|
|
|
|
"description": "Section’s offset",
|
|
|
|
|
"disable_correlation": true,
|
|
|
|
|
"misp-attribute": "hex",
|
|
|
|
|
"ui-priority": 1
|
2017-08-29 13:25:58 +02:00
|
|
|
|
},
|
|
|
|
|
"sha1": {
|
|
|
|
|
"description": "[Insecure] Secure Hash Algorithm 1 (160 bits)",
|
|
|
|
|
"misp-attribute": "sha1",
|
2020-04-26 02:10:02 +02:00
|
|
|
|
"recommended": false,
|
|
|
|
|
"ui-priority": 1
|
2017-08-29 13:25:58 +02:00
|
|
|
|
},
|
|
|
|
|
"sha224": {
|
|
|
|
|
"description": "Secure Hash Algorithm 2 (224 bits)",
|
|
|
|
|
"misp-attribute": "sha224",
|
2020-04-26 02:10:02 +02:00
|
|
|
|
"recommended": false,
|
|
|
|
|
"ui-priority": 0
|
2017-08-29 13:25:58 +02:00
|
|
|
|
},
|
|
|
|
|
"sha256": {
|
|
|
|
|
"description": "Secure Hash Algorithm 2 (256 bits)",
|
2020-04-26 02:10:02 +02:00
|
|
|
|
"misp-attribute": "sha256",
|
|
|
|
|
"ui-priority": 1
|
2017-08-29 13:25:58 +02:00
|
|
|
|
},
|
|
|
|
|
"sha384": {
|
|
|
|
|
"description": "Secure Hash Algorithm 2 (384 bits)",
|
|
|
|
|
"misp-attribute": "sha384",
|
2020-04-26 02:10:02 +02:00
|
|
|
|
"recommended": false,
|
|
|
|
|
"ui-priority": 0
|
2017-08-29 13:25:58 +02:00
|
|
|
|
},
|
|
|
|
|
"sha512": {
|
|
|
|
|
"description": "Secure Hash Algorithm 2 (512 bits)",
|
2020-04-26 02:10:02 +02:00
|
|
|
|
"misp-attribute": "sha512",
|
|
|
|
|
"ui-priority": 1
|
2017-08-29 13:25:58 +02:00
|
|
|
|
},
|
|
|
|
|
"sha512/224": {
|
|
|
|
|
"description": "Secure Hash Algorithm 2 (224 bits)",
|
|
|
|
|
"misp-attribute": "sha512/224",
|
2020-04-26 02:10:02 +02:00
|
|
|
|
"recommended": false,
|
|
|
|
|
"ui-priority": 0
|
2017-08-29 13:25:58 +02:00
|
|
|
|
},
|
|
|
|
|
"sha512/256": {
|
|
|
|
|
"description": "Secure Hash Algorithm 2 (256 bits)",
|
|
|
|
|
"misp-attribute": "sha512/256",
|
2020-04-26 02:10:02 +02:00
|
|
|
|
"recommended": false,
|
|
|
|
|
"ui-priority": 0
|
2017-03-12 23:06:39 +01:00
|
|
|
|
},
|
2017-07-03 12:18:25 +02:00
|
|
|
|
"size-in-bytes": {
|
2017-08-29 13:25:58 +02:00
|
|
|
|
"description": "Size of the section, in bytes",
|
2017-07-03 12:18:25 +02:00
|
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
|
"misp-attribute": "size-in-bytes",
|
|
|
|
|
"ui-priority": 1
|
2017-03-13 16:33:50 +01:00
|
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
|
"ssdeep": {
|
|
|
|
|
"description": "Fuzzy hash using context triggered piecewise hashes (CTPH)",
|
|
|
|
|
"misp-attribute": "ssdeep",
|
|
|
|
|
"ui-priority": 0
|
|
|
|
|
},
|
|
|
|
|
"text": {
|
|
|
|
|
"description": "Free text value to attach to the section",
|
2019-05-03 11:18:58 +02:00
|
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
|
"misp-attribute": "text",
|
|
|
|
|
"recommended": false,
|
|
|
|
|
"ui-priority": 1
|
2019-05-03 11:18:58 +02:00
|
|
|
|
},
|
|
|
|
|
"virtual_address": {
|
|
|
|
|
"description": "Section’s virtual address",
|
|
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
|
"misp-attribute": "hex",
|
|
|
|
|
"ui-priority": 1
|
2019-05-03 11:18:58 +02:00
|
|
|
|
},
|
|
|
|
|
"virtual_size": {
|
|
|
|
|
"description": "Section’s virtual size",
|
|
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
|
"misp-attribute": "size-in-bytes",
|
|
|
|
|
"ui-priority": 1
|
2017-03-12 23:06:39 +01:00
|
|
|
|
}
|
|
|
|
|
},
|
2017-07-03 12:18:25 +02:00
|
|
|
|
"description": "Object describing a section of a Portable Executable",
|
|
|
|
|
"meta-category": "file",
|
2020-04-26 02:10:02 +02:00
|
|
|
|
"name": "pe-section",
|
|
|
|
|
"requiredOneOf": [
|
|
|
|
|
"text",
|
|
|
|
|
"name",
|
|
|
|
|
"md5",
|
|
|
|
|
"sha1",
|
|
|
|
|
"sha224",
|
|
|
|
|
"sha256",
|
|
|
|
|
"sha384",
|
|
|
|
|
"sha512",
|
|
|
|
|
"sha512/224",
|
|
|
|
|
"sha512/256"
|
|
|
|
|
],
|
2017-07-03 12:18:25 +02:00
|
|
|
|
"uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
|
2020-04-26 02:10:02 +02:00
|
|
|
|
"version": 3
|
|
|
|
|
}
|