misp-objects/objects/r2graphity/definition.json

{
  "requiredOneOf": [
    "r2-commit-version"
  ],
  "attributes": {
    "callback-average": {
      "description": "Average size of a callback",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "counter"
    },
    "callbacks": {
      "description": "Amount of callbacks (functions started as thread)",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "counter"
    },
    "shortest-path-to-create-thread": {
      "description": "Shortest path to the first time the binary calls CreateThread",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "counter"
    },
    "create-thread": {
      "description": "Amount of calls to CreateThread",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "counter"
    },
    "memory-allocations": {
      "description": "Amount of memory allocations",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "counter"
    },
    "get-proc-address": {
      "description": "Amount of calls to GetProcAddress",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "counter"
    },
    "dangling-strings": {
      "description": "Amount of dangling strings (string with a code cross reference, that is not within a function. Radare2 failed to detect that function.)",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "counter"
    },
    "referenced-strings": {
      "description": "Amount of referenced strings",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "counter"
    },
    "callback-largest": {
      "description": "Largest callback",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "counter"
    },
    "gml": {
      "description": "Graph export in G>raph Modelling Language format",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "attachment"
    },
    "r2-commit-version": {
      "description": "Radare2 commit ID used to generate this object",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "text": {
      "description": "Description of the r2graphity object",
      "disable_correlation": true,
      "ui-priority": 1,
      "misp-attribute": "text"
    },
    "miss-api": {
      "description": "Amount of API call reference that does not resolve to a function offset",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "counter"
    },
    "total-api": {
      "description": "Total amount of API calls",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "counter"
    },
    "unknown-references": {
      "description": "Amount of API calls not ending in a function (Radare2 bug, probalby)",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "counter"
    },
    "refsglobalvar": {
      "description": "Amount of API calls outside of code section (glob var, dynamic API)",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "counter"
    },
    "local-references": {
      "description": "Amount of API calls inside a code section",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "counter"
    },
    "total-functions": {
      "description": "Total amount of functions in the file.",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "counter"
    },
    "not-referenced-strings": {
      "description": "Amount of not referenced strings",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "counter"
    },
    "ratio-functions": {
      "description": "Ratio: amount of functions per kilobyte of code section",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "float"
    },
    "ratio-api": {
      "description": "Ratio: amount of API calls per kilobyte of code section",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "float"
    },
    "ratio-string": {
      "description": "Ratio: amount of referenced strings per kilobyte of code section",
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "float"
    }
  },
  "version": 2,
  "description": "Indicators extracted from files using radare2 and graphml",
  "meta-category": "file",
  "uuid": "b6abe0e0-52ea-4424-ba42-761c2e027b76",
  "name": "r2graphity"
}
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`{`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"requiredOneOf": [`
fix: requiredOneOf list of r2graphity was wrong Fix #20 2017-11-10 22:28:05 +01:00			`"r2-commit-version"`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`],`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`"attributes": {`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"callback-average": {`
			`"description": "Average size of a callback",`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "counter"`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"callbacks": {`
			`"description": "Amount of callbacks (functions started as thread)",`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "counter"`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"shortest-path-to-create-thread": {`
			`"description": "Shortest path to the first time the binary calls CreateThread",`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "counter"`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"create-thread": {`
			`"description": "Amount of calls to CreateThread",`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "counter"`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"memory-allocations": {`
			`"description": "Amount of memory allocations",`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "counter"`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"get-proc-address": {`
			`"description": "Amount of calls to GetProcAddress",`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "counter"`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"dangling-strings": {`
			`"description": "Amount of dangling strings (string with a code cross reference, that is not within a function. Radare2 failed to detect that function.)",`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "counter"`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"referenced-strings": {`
			`"description": "Amount of referenced strings",`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "counter"`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"callback-largest": {`
			`"description": "Largest callback",`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "counter"`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"gml": {`
			`"description": "Graph export in G>raph Modelling Language format",`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "attachment"`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"r2-commit-version": {`
			`"description": "Radare2 commit ID used to generate this object",`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "text"`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"text": {`
Add descriptions in all the objects 2017-08-29 18:36:46 +02:00			`"description": "Description of the r2graphity object",`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 1,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "text"`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"miss-api": {`
			`"description": "Amount of API call reference that does not resolve to a function offset",`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "counter"`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"total-api": {`
			`"description": "Total amount of API calls",`
Update attributes os r2graphity object 2017-03-21 16:46:41 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "counter"`
Update attributes os r2graphity object 2017-03-21 16:46:41 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"unknown-references": {`
			`"description": "Amount of API calls not ending in a function (Radare2 bug, probalby)",`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "counter"`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"refsglobalvar": {`
			`"description": "Amount of API calls outside of code section (glob var, dynamic API)",`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "counter"`
Update attributes os r2graphity object 2017-03-21 16:46:41 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"local-references": {`
			`"description": "Amount of API calls inside a code section",`
Update attributes os r2graphity object 2017-03-21 16:46:41 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "counter"`
Update attributes os r2graphity object 2017-03-21 16:46:41 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"total-functions": {`
			`"description": "Total amount of functions in the file.",`
Update attributes os r2graphity object 2017-03-21 16:46:41 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "counter"`
Update attributes os r2graphity object 2017-03-21 16:46:41 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"not-referenced-strings": {`
			`"description": "Amount of not referenced strings",`
Update attributes os r2graphity object 2017-03-21 16:46:41 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "counter"`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"ratio-functions": {`
			`"description": "Ratio: amount of functions per kilobyte of code section",`
Updade r2graphity definition 2017-03-20 14:30:45 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "float"`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"ratio-api": {`
			`"description": "Ratio: amount of API calls per kilobyte of code section",`
Updade r2graphity definition 2017-03-20 14:30:45 +01:00			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "float"`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`},`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"ratio-string": {`
			`"description": "Ratio: amount of referenced strings per kilobyte of code section",`
			`"disable_correlation": true,`
ui-priority 2017-07-03 16:44:39 +02:00			`"ui-priority": 0,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"misp-attribute": "float"`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`}`
			`},`
Add descriptions in all the objects 2017-08-29 18:36:46 +02:00			`"version": 2,`
misp-usage-frequency updated 2017-07-03 12:18:47 +02:00			`"description": "Indicators extracted from files using radare2 and graphml",`
			`"meta-category": "file",`
			`"uuid": "b6abe0e0-52ea-4424-ba42-761c2e027b76",`
			`"name": "r2graphity"`
Add initial version of the r2graphity object 2017-03-17 18:42:10 +01:00			`}`