misp-objects/objects/elf/definition.json

260 lines
4.9 KiB
JSON
Raw Normal View History

{
2017-07-03 12:09:46 +02:00
"requiredOneOf": [
"text",
2017-08-25 15:20:18 +02:00
"entrypoint-address"
2017-07-03 12:09:46 +02:00
],
"attributes": {
2017-08-25 15:20:18 +02:00
"entrypoint-address": {
2017-08-29 13:25:58 +02:00
"description": "Address of the entry point",
2017-08-25 15:20:18 +02:00
"disable_correlation": true,
2017-07-03 16:42:07 +02:00
"ui-priority": 0,
2017-07-03 12:09:46 +02:00
"misp-attribute": "text"
2017-03-13 17:58:56 +01:00
},
2017-08-25 15:20:18 +02:00
"type": {
2017-08-29 13:25:58 +02:00
"description": "Type of ELF",
2017-03-14 10:05:48 +01:00
"sane_default": [
2017-08-25 15:20:18 +02:00
"CORE",
"DYNAMIC",
"EXECUTABLE",
"HIPROC",
"LOPROC",
"NONE",
"RELOCATABLE"
2017-07-03 12:09:46 +02:00
],
2017-07-03 16:42:07 +02:00
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
2017-07-03 12:09:46 +02:00
},
2017-08-25 15:20:18 +02:00
"number-sections": {
2017-08-29 13:25:58 +02:00
"description": "Number of sections",
2017-07-03 12:09:46 +02:00
"disable_correlation": true,
2017-07-03 16:42:07 +02:00
"ui-priority": 0,
2017-08-25 15:20:18 +02:00
"misp-attribute": "counter"
2017-07-03 12:09:46 +02:00
},
2017-08-25 15:20:18 +02:00
"arch": {
2017-08-29 13:25:58 +02:00
"description": "Architecture of the ELF file",
2017-08-25 15:20:18 +02:00
"sane_default": [
"None",
"M32",
"SPARC",
"i386",
"ARCH_68K",
"ARCH_88K",
"IAMCU",
"ARCH_860",
"MIPS",
"S370",
"MIPS_RS3_LE",
"PARISC",
"VPP500",
"SPARC32PLUS",
"ARCH_960",
"PPC",
"PPC64",
"S390",
"SPU",
"V800",
"FR20",
"RH32",
"RCE",
"ARM",
"ALPHA",
"SH",
"SPARCV9",
"TRICORE",
"ARC",
"H8_300",
"H8_300H",
"H8S",
"H8_500",
"IA_64",
"MIPS_X",
"COLDFIRE",
"ARCH_68HC12",
"MMA",
"PCP",
"NCPU",
"NDR1",
"STARCORE",
"ME16",
"ST100",
"TINYJ",
"x86_64",
"PDSP",
"PDP10",
"PDP11",
"FX66",
"ST9PLUS",
"ST7",
"ARCH_68HC16",
"ARCH_68HC11",
"ARCH_68HC08",
"ARCH_68HC05",
"SVX",
"ST19",
"VAX",
"CRIS",
"JAVELIN",
"FIREPATH",
"ZSP",
"MMIX",
"HUANY",
"PRISM",
"AVR",
"FR30",
"D10V",
"D30V",
"V850",
"M32R",
"MN10300",
"MN10200",
"PJ",
"OPENRISC",
"ARC_COMPACT",
"XTENSA",
"VIDEOCORE",
"TMM_GPP",
"NS32K",
"TPC",
"SNP1K",
"ST200",
"IP2K",
"MAX",
"CR",
"F2MC16",
"MSP430",
"BLACKFIN",
"SE_C33",
"SEP",
"ARCA",
"UNICORE",
"EXCESS",
"DXP",
"ALTERA_NIOS2",
"CRX",
"XGATE",
"C166",
"M16C",
"DSPIC30F",
"CE",
"M32C",
"TSK3000",
"RS08",
"SHARC",
"ECOG2",
"SCORE7",
"DSP24",
"VIDEOCORE3",
"LATTICEMICO32",
"SE_C17",
"TI_C6000",
"TI_C2000",
"TI_C5500",
"MMDSP_PLUS",
"CYPRESS_M8C",
"R32C",
"TRIMEDIA",
"HEXAGON",
"ARCH_8051",
"STXP7X",
"NDS32",
"ECOG1",
"ECOG1X",
"MAXQ30",
"XIMO16",
"MANIK",
"CRAYNV2",
"RX",
"METAG",
"MCST_ELBRUS",
"ECOG16",
"CR16",
"ETPU",
"SLE9X",
"L10M",
"K10M",
"AARCH64",
"AVR32",
"STM8",
"TILE64",
"TILEPRO",
"CUDA",
"TILEGX",
"CLOUDSHIELD",
"COREA_1ST",
"COREA_2ND",
"ARC_COMPACT2",
"OPEN8",
"RL78",
"VIDEOCORE5",
"ARCH_78KOR",
"ARCH_56800EX",
"BA1",
"BA2",
"XCORE",
"MCHP_PIC",
"INTEL205",
"INTEL206",
"INTEL207",
"INTEL208",
"INTEL209",
"KM32",
"KMX32",
"KMX16",
"KMX8",
"KVARC",
"CDP",
"COGE",
"COOL",
"NORC",
"CSR_KALIMBA",
"AMDGPU"
],
2017-07-03 16:42:07 +02:00
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
2017-07-03 12:09:46 +02:00
},
2017-08-25 15:20:18 +02:00
"os_abi": {
2017-08-29 13:25:58 +02:00
"description": "Header operating system application binary interface (ABI)",
2017-08-25 15:20:18 +02:00
"sane_default": [
"AIX",
"ARM",
"AROS",
"C6000_ELFABI",
"C6000_LINUX",
"CLOUDABI",
"FENIXOS",
"FREEBSD",
"GNU",
"HPUX",
"HURD",
"IRIX",
"MODESTO",
"NETBSD",
"NSK",
"OPENBSD",
"OPENVMS",
"SOLARIS",
"STANDALONE",
"SYSTEMV",
"TRU64"
],
2017-07-03 16:42:07 +02:00
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
2017-07-03 12:09:46 +02:00
},
"text": {
2017-08-29 13:25:58 +02:00
"description": "Free text value to attach to the ELF",
2017-07-03 12:09:46 +02:00
"disable_correlation": true,
2017-07-03 16:42:07 +02:00
"ui-priority": 1,
2017-08-29 13:25:58 +02:00
"misp-attribute": "text",
"recommended": false
2017-03-14 10:05:48 +01:00
}
},
"version": 5,
2017-07-03 12:09:46 +02:00
"description": "Object describing a Executable and Linkable Format",
"meta-category": "file",
"uuid": "fa6534ae-ad74-4ce0-8f23-15a66c82c7fa",
"name": "elf"
}