2017-03-13 17:23:42 +01:00
|
|
|
{
|
2017-07-03 12:11:54 +02:00
|
|
|
"requiredOneOf": [
|
|
|
|
"text",
|
|
|
|
"name",
|
2017-08-29 18:36:46 +02:00
|
|
|
"md5",
|
2017-07-03 12:11:54 +02:00
|
|
|
"sha1",
|
2017-08-29 18:36:46 +02:00
|
|
|
"sha224",
|
2017-07-03 12:11:54 +02:00
|
|
|
"sha256",
|
2017-08-29 18:36:46 +02:00
|
|
|
"sha384",
|
|
|
|
"sha512",
|
|
|
|
"sha512/224",
|
|
|
|
"sha512/256"
|
2017-07-03 12:11:54 +02:00
|
|
|
],
|
2017-03-13 17:23:42 +01:00
|
|
|
"attributes": {
|
2017-08-29 18:36:46 +02:00
|
|
|
"md5": {
|
|
|
|
"description": "[Insecure] MD5 hash (128 bits)",
|
|
|
|
"ui-priority": 1,
|
|
|
|
"misp-attribute": "md5",
|
|
|
|
"recommended": false
|
|
|
|
},
|
|
|
|
"sha1": {
|
|
|
|
"description": "[Insecure] Secure Hash Algorithm 1 (160 bits)",
|
|
|
|
"ui-priority": 1,
|
|
|
|
"misp-attribute": "sha1",
|
|
|
|
"recommended": false
|
|
|
|
},
|
|
|
|
"sha224": {
|
|
|
|
"description": "Secure Hash Algorithm 2 (224 bits)",
|
2017-07-03 16:42:26 +02:00
|
|
|
"ui-priority": 0,
|
2017-08-29 18:36:46 +02:00
|
|
|
"misp-attribute": "sha224",
|
|
|
|
"recommended": false
|
|
|
|
},
|
|
|
|
"sha256": {
|
|
|
|
"description": "Secure Hash Algorithm 2 (256 bits)",
|
|
|
|
"ui-priority": 1,
|
|
|
|
"misp-attribute": "sha256"
|
|
|
|
},
|
|
|
|
"sha384": {
|
|
|
|
"description": "Secure Hash Algorithm 2 (384 bits)",
|
|
|
|
"ui-priority": 0,
|
|
|
|
"misp-attribute": "sha384",
|
|
|
|
"recommended": false
|
|
|
|
},
|
|
|
|
"sha512": {
|
|
|
|
"description": "Secure Hash Algorithm 2 (512 bits)",
|
|
|
|
"ui-priority": 1,
|
2017-07-03 12:11:54 +02:00
|
|
|
"misp-attribute": "sha512"
|
|
|
|
},
|
2017-08-29 18:36:46 +02:00
|
|
|
"sha512/224": {
|
|
|
|
"description": "Secure Hash Algorithm 2, SHA-512/224 variant (224 bits; not interchangeable with SHA-224)",
|
|
|
|
"ui-priority": 0,
|
|
|
|
"misp-attribute": "sha512/224",
|
|
|
|
"recommended": false
|
|
|
|
},
|
|
|
|
"sha512/256": {
|
|
|
|
"description": "Secure Hash Algorithm 2, SHA-512/256 variant (256 bits; not interchangeable with SHA-256)",
|
|
|
|
"ui-priority": 0,
|
|
|
|
"misp-attribute": "sha512/256",
|
|
|
|
"recommended": false
|
|
|
|
},
|
2017-07-03 12:11:54 +02:00
|
|
|
"ssdeep": {
|
2017-08-29 18:36:46 +02:00
|
|
|
"description": "Fuzzy hash using context triggered piecewise hashes (CTPH)",
|
2017-07-03 16:42:26 +02:00
|
|
|
"ui-priority": 0,
|
2017-07-03 12:11:54 +02:00
|
|
|
"misp-attribute": "ssdeep"
|
|
|
|
},
|
|
|
|
"entropy": {
|
2017-08-29 18:36:46 +02:00
|
|
|
"description": "Entropy of the whole section",
|
2017-07-03 12:11:54 +02:00
|
|
|
"disable_correlation": true,
|
2017-07-03 16:42:26 +02:00
|
|
|
"ui-priority": 0,
|
2017-07-03 12:11:54 +02:00
|
|
|
"misp-attribute": "float"
|
2017-03-13 17:23:42 +01:00
|
|
|
},
|
2017-08-29 18:36:46 +02:00
|
|
|
"name": {
|
|
|
|
"description": "Name of the section",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"ui-priority": 1,
|
|
|
|
"misp-attribute": "text"
|
|
|
|
},
|
|
|
|
"size-in-bytes": {
|
|
|
|
"description": "Size of the section, in bytes",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"ui-priority": 1,
|
|
|
|
"misp-attribute": "size-in-bytes"
|
|
|
|
},
|
|
|
|
"text": {
|
|
|
|
"description": "Free text value to attach to the section",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"ui-priority": 1,
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"recommended": false
|
|
|
|
},
|
2017-08-25 15:20:18 +02:00
|
|
|
"type": {
|
2017-08-29 18:36:46 +02:00
|
|
|
"description": "Type of the section",
|
2017-03-13 18:04:21 +01:00
|
|
|
"sane_default": [
|
2017-08-25 15:20:18 +02:00
|
|
|
"NULL",
|
|
|
|
"PROGBITS",
|
|
|
|
"SYMTAB",
|
|
|
|
"STRTAB",
|
|
|
|
"RELA",
|
|
|
|
"HASH",
|
|
|
|
"DYNAMIC",
|
|
|
|
"NOTE",
|
|
|
|
"NOBITS",
|
|
|
|
"REL",
|
|
|
|
"SHLIB",
|
|
|
|
"DYNSYM",
|
|
|
|
"INIT_ARRAY",
|
|
|
|
"FINI_ARRAY",
|
|
|
|
"PREINIT_ARRAY",
|
|
|
|
"GROUP",
|
|
|
|
"SYMTAB_SHNDX",
|
|
|
|
"LOOS",
|
|
|
|
"GNU_ATTRIBUTES",
|
|
|
|
"GNU_HASH",
|
|
|
|
"GNU_VERDEF",
|
|
|
|
"GNU_VERNEED",
|
|
|
|
"GNU_VERSYM",
|
|
|
|
"HIOS",
|
|
|
|
"LOPROC",
|
|
|
|
"ARM_EXIDX",
|
|
|
|
"ARM_PREEMPTMAP",
|
|
|
|
"HEX_ORDERED",
|
|
|
|
"X86_64_UNWIND",
|
|
|
|
"MIPS_REGINFO",
|
|
|
|
"MIPS_OPTIONS",
|
|
|
|
"MIPS_ABIFLAGS",
|
|
|
|
"HIPROC",
|
|
|
|
"LOUSER",
|
|
|
|
"HIUSER"
|
2017-07-03 12:11:54 +02:00
|
|
|
],
|
2017-09-11 16:08:03 +02:00
|
|
|
"disable_correlation": true,
|
2017-07-03 16:42:26 +02:00
|
|
|
"ui-priority": 0,
|
2017-07-03 12:11:54 +02:00
|
|
|
"misp-attribute": "text"
|
|
|
|
},
|
2017-08-25 15:20:18 +02:00
|
|
|
"flag": {
|
2017-08-29 18:36:46 +02:00
|
|
|
"description": "Flag of the section",
|
2017-03-13 17:23:42 +01:00
|
|
|
"sane_default": [
|
2017-08-25 15:20:18 +02:00
|
|
|
"ALLOC",
|
|
|
|
"EXCLUDE",
|
|
|
|
"EXECINSTR",
|
|
|
|
"GROUP",
|
|
|
|
"HEX_GPREL",
|
|
|
|
"INFO_LINK",
|
|
|
|
"LINK_ORDER",
|
|
|
|
"MASKOS",
|
|
|
|
"MASKPROC",
|
|
|
|
"MERGE",
|
|
|
|
"MIPS_ADDR",
|
|
|
|
"MIPS_LOCAL",
|
|
|
|
"MIPS_MERGE",
|
|
|
|
"MIPS_NAMES",
|
|
|
|
"MIPS_NODUPES",
|
|
|
|
"MIPS_NOSTRIP",
|
|
|
|
"NONE",
|
|
|
|
"OS_NONCONFORMING",
|
|
|
|
"STRINGS",
|
|
|
|
"TLS",
|
|
|
|
"WRITE",
|
|
|
|
"XCORE_SHF_CP_SECTION"
|
2017-07-03 12:11:54 +02:00
|
|
|
],
|
2017-09-11 16:08:03 +02:00
|
|
|
"disable_correlation": true,
|
2017-07-03 16:42:26 +02:00
|
|
|
"ui-priority": 0,
|
2017-08-27 17:49:53 +02:00
|
|
|
"misp-attribute": "text",
|
|
|
|
"multiple": true
|
2017-03-13 17:23:42 +01:00
|
|
|
}
|
|
|
|
},
|
2017-08-29 18:36:46 +02:00
|
|
|
"version": 4,
|
2017-07-03 12:11:54 +02:00
|
|
|
"description": "Object describing a section of an Executable and Linkable Format (ELF) file",
|
|
|
|
"meta-category": "file",
|
|
|
|
"uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
|
|
|
|
"name": "elf-section"
|
2017-03-13 17:23:42 +01:00
|
|
|
}
|