misp-objects/objects/elf-section/definition.json

{
  "requiredOneOf": [
    "text",
    "name",
    "sha1",
    "sha256",
    "sha512"
  ],
  "attributes": {
    "sha512": {
      "ui-priority": 0,
      "misp-attribute": "sha512"
    },
    "ssdeep": {
      "ui-priority": 0,
      "misp-attribute": "ssdeep"
    },
    "entropy": {
      "disable_correlation": true,
      "ui-priority": 0,
      "misp-attribute": "float"
    },
    "type": {
      "sane_default": [
        "NULL",
        "PROGBITS",
        "SYMTAB",
        "STRTAB",
        "RELA",
        "HASH",
        "DYNAMIC",
        "NOTE",
        "NOBITS",
        "REL",
        "SHLIB",
        "DYNSYM",
        "INIT_ARRAY",
        "FINI_ARRAY",
        "PREINIT_ARRAY",
        "GROUP",
        "SYMTAB_SHNDX",
        "LOOS",
        "GNU_ATTRIBUTES",
        "GNU_HASH",
        "GNU_VERDEF",
        "GNU_VERNEED",
        "GNU_VERSYM",
        "HIOS",
        "LOPROC",
        "ARM_EXIDX",
        "ARM_PREEMPTMAP",
        "HEX_ORDERED",
        "X86_64_UNWIND",
        "MIPS_REGINFO",
        "MIPS_OPTIONS",
        "MIPS_ABIFLAGS",
        "HIPROC",
        "LOUSER",
        "HIUSER"
      ],
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "name": {
      "disable_correlation": true,
      "ui-priority": 1,
      "misp-attribute": "text"
    },
    "sha256": {
      "ui-priority": 0,
      "misp-attribute": "sha256"
    },
    "size-in-bytes": {
      "disable_correlation": true,
      "ui-priority": 1,
      "misp-attribute": "size-in-bytes"
    },
    "text": {
      "disable_correlation": true,
      "ui-priority": 1,
      "misp-attribute": "text"
    },
    "flag": {
      "sane_default": [
        "ALLOC",
        "EXCLUDE",
        "EXECINSTR",
        "GROUP",
        "HEX_GPREL",
        "INFO_LINK",
        "LINK_ORDER",
        "MASKOS",
        "MASKPROC",
        "MERGE",
        "MIPS_ADDR",
        "MIPS_LOCAL",
        "MIPS_MERGE",
        "MIPS_NAMES",
        "MIPS_NODUPES",
        "MIPS_NOSTRIP",
        "NONE",
        "OS_NONCONFORMING",
        "STRINGS",
        "TLS",
        "WRITE",
        "XCORE_SHF_CP_SECTION"
      ],
      "ui-priority": 0,
      "misp-attribute": "text",
      "multiple": true
    },
    "sha1": {
      "ui-priority": 0,
      "misp-attribute": "sha1"
    },
    "md5": {
      "ui-priority": 1,
      "misp-attribute": "md5"
    }
  },
  "version": 3,
  "description": "Object describing a section of an Executable and Linkable Format",
  "meta-category": "file",
  "uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
  "name": "elf-section"
}