MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #9 from sebdraven/master 

add information in elf and elf sections
pull/10/head
Raphaël Vinot 2017-03-14 10:09:32 +01:00 committed by GitHub
parent 8ec59dca1a 16f41b2b4a
commit c57e6a568d
2 changed files with 77 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
objects/elf-section/definition.json
View File

@ -4,12 +4,37 @@
"description": "Object describing a section of an Executable and Linkable Format", "description": "Object describing a section of an Executable and Linkable Format",
"version": 1, "version": 1,
"attributes": { "attributes": {
"name": { "sh_name": {
"misp-attribute": "text", "misp-attribute": "text",
"misp-usage-frequency": 1, "misp-usage-frequency": 1,
"disable_correlation": true "disable_correlation": true
}, },
"Flags": { "sh_type": {
"misp-attribute": "text",
"misp-usage-frequency": 0,
"sane_default": [
"SHT_NULL",
"SHT_PROGBITS",
"SHT_SYMTAB",
"SHT_STRTAB",
"SHT_RELA",
"SHT_HASH",
"SHT_DYNAMIC",
"SHT_NOTE",
"SHT_NOBITS",
"SHT_REL",
"SHT_SHLIB",
"SHT_DYNSYM",
"SHT_INIT_ARRAY",
"SHT_FINI_ARRAY",
"SHT_PREINIT_ARRAY",
"SHT_GROUP",
"SHT_SYMTAB_SHNDX",
"SHT_NUM",
"SHT_LOOS"
]
},
"sh_flags": {
"misp-attribute": "text", "misp-attribute": "text",
"misp-usage-frequency": 0, "misp-usage-frequency": 0,
"sane_default": [ "sane_default": [
@ -36,7 +61,7 @@
"misp-usage-frequency": 1, "misp-usage-frequency": 1,
"disable_correlation": true "disable_correlation": true
}, },
"size-in-bytes": { "sh_size": {
"misp-attribute": "size-in-bytes", "misp-attribute": "size-in-bytes",
"misp-usage-frequency": 1, "misp-usage-frequency": 1,
"disable_correlation": true "disable_correlation": true

57
objects/elf/definition.json
View File

@ -13,11 +13,7 @@
"misp-attribute": "filename", "misp-attribute": "filename",
"misp-usage-frequency": 1 "misp-usage-frequency": 1
}, },
"internal-filename": { "e_entry": {
"misp-attribute": "filename",
"misp-usage-frequency": 0
},
"entrypoint-address": {
"misp-attribute": "text", "misp-attribute": "text",
"misp-usage-frequency": 0, "misp-usage-frequency": 0,
"disable_correlation": true "disable_correlation": true
@ -27,15 +23,60 @@
"misp-usage-frequency": 0, "misp-usage-frequency": 0,
"disable_correlation": true "disable_correlation": true
}, },
"file-version": { "e_version": {
"misp-attribute": "text", "misp-attribute": "text",
"misp-usage-frequency": 0, "misp-usage-frequency": 0,
"disable_correlation": true "disable_correlation": true
}, },
"elf-type": { "e_type": {
"misp-attribute": "text", "misp-attribute": "text",
"misp-usage-frequency": 0, "misp-usage-frequency": 0,
"disable_correlation": true "sane_default": [
"relocatable",
"executable",
"shared",
"core"
]
},
"e_ident_abi": {
"misp-attribute": "text",
"misp-usage-frequency": 0,
"sane_default": [
"System V",
"HP_UX",
"NetBSD",
"Linux",
"Solaris",
"AIX",
"IRIX",
"FreeBSD",
"True64",
"Novell Modesto",
"OpenBSD",
"OpenVMS",
"NonStop Kernel",
"AROS",
"Fenis OS",
"CloudABI",
"Sortix"
]
},
"e_machine": {
"misp-attribute": "text",
"misp-usage-frequency": 0,
"sane_default": [
"No specific instruction set",
"SPARC",
"X86",
"MISP",
"PowerPC",
"ARM",
"SuperH",
"IA-64",
"x86-64",
"AArch64",
"RISC-V"
]
} }
}, },
"requiredOneOf": [ "requiredOneOf": [