{
"requiredOneOf": [
"text",
"entrypoint-address"
],
"attributes": {
"entrypoint-address": {
"description": "Address of the entry point",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "text"
},
"type": {
"description": "Type of ELF",
"sane_default": [
"CORE",
"DYNAMIC",
"EXECUTABLE",
"HIPROC",
"LOPROC",
"NONE",
"RELOCATABLE"
],
"ui-priority": 0,
"misp-attribute": "text"
},
"number-sections": {
"description": "Number of sections",
"disable_correlation": true,
"ui-priority": 0,
"misp-attribute": "counter"
},
"arch": {
"description": "Architecture of the ELF file",
"sane_default": [
"None",
"M32",
"SPARC",
"i386",
"ARCH_68K",
"ARCH_88K",
"IAMCU",
"ARCH_860",
"MIPS",
"S370",
"MIPS_RS3_LE",
"PARISC",
"VPP500",
"SPARC32PLUS",
"ARCH_960",
"PPC",
"PPC64",
"S390",
"SPU",
"V800",
"FR20",
"RH32",
"RCE",
"ARM",
"ALPHA",
"SH",
"SPARCV9",
"TRICORE",
"ARC",
"H8_300",
"H8_300H",
"H8S",
"H8_500",
"IA_64",
"MIPS_X",
"COLDFIRE",
"ARCH_68HC12",
"MMA",
"PCP",
"NCPU",
"NDR1",
"STARCORE",
"ME16",
"ST100",
"TINYJ",
"x86_64",
"PDSP",
"PDP10",
"PDP11",
"FX66",
"ST9PLUS",
"ST7",
"ARCH_68HC16",
"ARCH_68HC11",
"ARCH_68HC08",
"ARCH_68HC05",
"SVX",
"ST19",
"VAX",
"CRIS",
"JAVELIN",
"FIREPATH",
"ZSP",
"MMIX",
"HUANY",
"PRISM",
"AVR",
"FR30",
"D10V",
"D30V",
"V850",
"M32R",
"MN10300",
"MN10200",
"PJ",
"OPENRISC",
"ARC_COMPACT",
"XTENSA",
"VIDEOCORE",
"TMM_GPP",
"NS32K",
"TPC",
"SNP1K",
"ST200",
"IP2K",
"MAX",
"CR",
"F2MC16",
"MSP430",
"BLACKFIN",
"SE_C33",
"SEP",
"ARCA",
"UNICORE",
"EXCESS",
"DXP",
"ALTERA_NIOS2",
"CRX",
"XGATE",
"C166",
"M16C",
"DSPIC30F",
"CE",
"M32C",
"TSK3000",
"RS08",
"SHARC",
"ECOG2",
"SCORE7",
"DSP24",
"VIDEOCORE3",
"LATTICEMICO32",
"SE_C17",
"TI_C6000",
"TI_C2000",
"TI_C5500",
"MMDSP_PLUS",
"CYPRESS_M8C",
"R32C",
"TRIMEDIA",
"HEXAGON",
"ARCH_8051",
"STXP7X",
"NDS32",
"ECOG1",
"ECOG1X",
"MAXQ30",
"XIMO16",
"MANIK",
"CRAYNV2",
"RX",
"METAG",
"MCST_ELBRUS",
"ECOG16",
"CR16",
"ETPU",
"SLE9X",
"L10M",
"K10M",
"AARCH64",
"AVR32",
"STM8",
"TILE64",
"TILEPRO",
"CUDA",
"TILEGX",
"CLOUDSHIELD",
"COREA_1ST",
"COREA_2ND",
"ARC_COMPACT2",
"OPEN8",
"RL78",
"VIDEOCORE5",
"ARCH_78KOR",
"ARCH_56800EX",
"BA1",
"BA2",
"XCORE",
"MCHP_PIC",
"INTEL205",
"INTEL206",
"INTEL207",
"INTEL208",
"INTEL209",
"KM32",
"KMX32",
"KMX16",
"KMX8",
"KVARC",
"CDP",
"COGE",
"COOL",
"NORC",
"CSR_KALIMBA",
"AMDGPU"
],
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"os_abi": {
"description": "Header operating system application binary interface (ABI)",
"sane_default": [
"AIX",
"ARM",
"AROS",
"C6000_ELFABI",
"C6000_LINUX",
"CLOUDABI",
"FENIXOS",
"FREEBSD",
"GNU",
"HPUX",
"HURD",
"IRIX",
"MODESTO",
"NETBSD",
"NSK",
"OPENBSD",
"OPENVMS",
"SOLARIS",
"STANDALONE",
"SYSTEMV",
"TRU64"
],
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"text": {
"description": "Free text value to attach to the ELF",
"disable_correlation": true,
"ui-priority": 1,
"misp-attribute": "text",
"recommended": false
}
},
"version": 4,
"description": "Object describing an Executable and Linkable Format (ELF) file",
"meta-category": "file",
"uuid": "fa6534ae-ad74-4ce0-8f23-15a66c82c7fa",
"name": "elf"
}