2017-03-17 18:42:10 +01:00
{
"attributes" : {
2017-07-03 12:18:47 +02:00
"callback-average" : {
"description" : "Average size of a callback" ,
2017-03-17 18:42:10 +01:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "counter" ,
"ui-priority" : 0
2017-03-17 18:42:10 +01:00
} ,
2020-04-26 02:10:02 +02:00
"callback-largest" : {
"description" : "Largest callback" ,
2017-03-17 18:42:10 +01:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "counter" ,
"ui-priority" : 0
2017-03-17 18:42:10 +01:00
} ,
2020-04-26 02:10:02 +02:00
"callbacks" : {
"description" : "Amount of callbacks (functions started as thread)" ,
2017-03-17 18:42:10 +01:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "counter" ,
"ui-priority" : 0
2017-03-17 18:42:10 +01:00
} ,
2017-07-03 12:18:47 +02:00
"create-thread" : {
"description" : "Amount of calls to CreateThread" ,
2017-03-17 18:42:10 +01:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "counter" ,
"ui-priority" : 0
2017-03-17 18:42:10 +01:00
} ,
2020-04-26 02:10:02 +02:00
"dangling-strings" : {
"description" : "Amount of dangling strings (string with a code cross reference, that is not within a function. Radare2 failed to detect that function.)" ,
2017-03-17 18:42:10 +01:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "counter" ,
"ui-priority" : 0
2017-03-17 18:42:10 +01:00
} ,
2017-07-03 12:18:47 +02:00
"get-proc-address" : {
"description" : "Amount of calls to GetProcAddress" ,
2017-03-17 18:42:10 +01:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "counter" ,
"ui-priority" : 0
2017-03-17 18:42:10 +01:00
} ,
2020-04-26 02:10:02 +02:00
"gml" : {
"description" : "Graph export in G>raph Modelling Language format" ,
2017-03-17 18:42:10 +01:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "attachment" ,
"ui-priority" : 0
2017-03-17 18:42:10 +01:00
} ,
2020-04-26 02:10:02 +02:00
"local-references" : {
"description" : "Amount of API calls inside a code section" ,
2017-03-17 18:42:10 +01:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "counter" ,
"ui-priority" : 0
2017-03-17 18:42:10 +01:00
} ,
2020-04-26 02:10:02 +02:00
"memory-allocations" : {
"description" : "Amount of memory allocations" ,
2017-03-17 18:42:10 +01:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "counter" ,
"ui-priority" : 0
2017-03-17 18:42:10 +01:00
} ,
2020-04-26 02:10:02 +02:00
"miss-api" : {
"description" : "Amount of API call reference that does not resolve to a function offset" ,
"disable_correlation" : true ,
"misp-attribute" : "counter" ,
"ui-priority" : 0
} ,
"not-referenced-strings" : {
"description" : "Amount of not referenced strings" ,
2017-03-17 18:42:10 +01:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "counter" ,
"ui-priority" : 0
2017-03-17 18:42:10 +01:00
} ,
2017-07-03 12:18:47 +02:00
"r2-commit-version" : {
"description" : "Radare2 commit ID used to generate this object" ,
2017-03-17 18:42:10 +01:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "text" ,
"ui-priority" : 0
2017-03-17 18:42:10 +01:00
} ,
2020-04-26 02:10:02 +02:00
"ratio-api" : {
"description" : "Ratio: amount of API calls per kilobyte of code section" ,
2017-03-17 18:42:10 +01:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "float" ,
"ui-priority" : 0
2017-03-17 18:42:10 +01:00
} ,
2020-04-26 02:10:02 +02:00
"ratio-functions" : {
"description" : "Ratio: amount of functions per kilobyte of code section" ,
2017-03-17 18:42:10 +01:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "float" ,
"ui-priority" : 0
2017-03-17 18:42:10 +01:00
} ,
2020-04-26 02:10:02 +02:00
"ratio-string" : {
"description" : "Ratio: amount of referenced strings per kilobyte of code section" ,
2017-03-21 16:46:41 +01:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "float" ,
"ui-priority" : 0
2017-03-21 16:46:41 +01:00
} ,
2020-04-26 02:10:02 +02:00
"referenced-strings" : {
"description" : "Amount of referenced strings" ,
2017-03-17 18:42:10 +01:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "counter" ,
"ui-priority" : 0
2017-03-17 18:42:10 +01:00
} ,
2017-07-03 12:18:47 +02:00
"refsglobalvar" : {
"description" : "Amount of API calls outside of code section (glob var, dynamic API)" ,
2017-03-17 18:42:10 +01:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "counter" ,
"ui-priority" : 0
2017-03-21 16:46:41 +01:00
} ,
2020-04-26 02:10:02 +02:00
"shortest-path-to-create-thread" : {
"description" : "Shortest path to the first time the binary calls CreateThread" ,
2017-03-21 16:46:41 +01:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "counter" ,
"ui-priority" : 0
2017-03-21 16:46:41 +01:00
} ,
2020-04-26 02:10:02 +02:00
"text" : {
"description" : "Description of the r2graphity object" ,
2017-03-21 16:46:41 +01:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "text" ,
"ui-priority" : 1
2017-03-17 18:42:10 +01:00
} ,
2020-04-26 02:10:02 +02:00
"total-api" : {
"description" : "Total amount of API calls" ,
2017-03-20 14:30:45 +01:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "counter" ,
"ui-priority" : 0
2017-03-17 18:42:10 +01:00
} ,
2020-04-26 02:10:02 +02:00
"total-functions" : {
"description" : "Total amount of functions in the file." ,
2017-03-20 14:30:45 +01:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "counter" ,
"ui-priority" : 0
2017-03-17 18:42:10 +01:00
} ,
2020-04-26 02:10:02 +02:00
"unknown-references" : {
"description" : "Amount of API calls not ending in a function (Radare2 bug, probalby)" ,
2017-07-03 12:18:47 +02:00
"disable_correlation" : true ,
2020-04-26 02:10:02 +02:00
"misp-attribute" : "counter" ,
"ui-priority" : 0
2017-03-17 18:42:10 +01:00
}
} ,
2017-07-03 12:18:47 +02:00
"description" : "Indicators extracted from files using radare2 and graphml" ,
"meta-category" : "file" ,
2020-04-26 02:10:02 +02:00
"name" : "r2graphity" ,
"requiredOneOf" : [
"r2-commit-version"
] ,
2017-07-03 12:18:47 +02:00
"uuid" : "b6abe0e0-52ea-4424-ba42-761c2e027b76" ,
2020-04-26 02:10:02 +02:00
"version" : 2
}