misp-objects/objects/elf-section/definition.json

171 lines
4.0 KiB
JSON

{
"attributes": {
"entropy": {
"description": "Entropy of the whole section",
"disable_correlation": true,
"misp-attribute": "float",
"ui-priority": 0
},
"flag": {
"description": "Flag of the section",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"sane_default": [
"ALLOC",
"EXCLUDE",
"EXECINSTR",
"GROUP",
"HEX_GPREL",
"INFO_LINK",
"LINK_ORDER",
"MASKOS",
"MASKPROC",
"MERGE",
"MIPS_ADDR",
"MIPS_LOCAL",
"MIPS_MERGE",
"MIPS_NAMES",
"MIPS_NODUPES",
"MIPS_NOSTRIP",
"NONE",
"OS_NONCONFORMING",
"STRINGS",
"TLS",
"WRITE",
"XCORE_SHF_CP_SECTION"
],
"ui-priority": 0
},
"md5": {
"description": "[Insecure] MD5 hash (128 bits)",
"misp-attribute": "md5",
"recommended": false,
"ui-priority": 1
},
"name": {
"description": "Name of the section",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 1
},
"sha1": {
"description": "[Insecure] Secure Hash Algorithm 1 (160 bits)",
"misp-attribute": "sha1",
"recommended": false,
"ui-priority": 1
},
"sha224": {
"description": "Secure Hash Algorithm 2 (224 bits)",
"misp-attribute": "sha224",
"recommended": false,
"ui-priority": 0
},
"sha256": {
"description": "Secure Hash Algorithm 2 (256 bits)",
"misp-attribute": "sha256",
"ui-priority": 1
},
"sha384": {
"description": "Secure Hash Algorithm 2 (384 bits)",
"misp-attribute": "sha384",
"recommended": false,
"ui-priority": 0
},
"sha512": {
"description": "Secure Hash Algorithm 2 (512 bits)",
"misp-attribute": "sha512",
"ui-priority": 1
},
"sha512/224": {
"description": "Secure Hash Algorithm 2 (224 bits)",
"misp-attribute": "sha512/224",
"recommended": false,
"ui-priority": 0
},
"sha512/256": {
"description": "Secure Hash Algorithm 2 (256 bits)",
"misp-attribute": "sha512/256",
"recommended": false,
"ui-priority": 0
},
"size-in-bytes": {
"description": "Size of the section, in bytes",
"disable_correlation": true,
"misp-attribute": "size-in-bytes",
"ui-priority": 1
},
"ssdeep": {
"description": "Fuzzy hash using context triggered piecewise hashes (CTPH)",
"misp-attribute": "ssdeep",
"ui-priority": 0
},
"text": {
"description": "Free text value to attach to the section",
"disable_correlation": true,
"misp-attribute": "text",
"recommended": false,
"ui-priority": 1
},
"type": {
"description": "Type of the section",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"NULL",
"PROGBITS",
"SYMTAB",
"STRTAB",
"RELA",
"HASH",
"DYNAMIC",
"NOTE",
"NOBITS",
"REL",
"SHLIB",
"DYNSYM",
"INIT_ARRAY",
"FINI_ARRAY",
"PREINIT_ARRAY",
"GROUP",
"SYMTAB_SHNDX",
"LOOS",
"GNU_ATTRIBUTES",
"GNU_HASH",
"GNU_VERDEF",
"GNU_VERNEED",
"GNU_VERSYM",
"HIOS",
"LOPROC",
"ARM_EXIDX",
"ARM_PREEMPTMAP",
"HEX_ORDERED",
"X86_64_UNWIND",
"MIPS_REGINFO",
"MIPS_OPTIONS",
"MIPS_ABIFLAGS",
"HIPROC",
"LOUSER",
"HIUSER"
],
"ui-priority": 0
}
},
"description": "Object describing a section of an Executable and Linkable Format",
"meta-category": "file",
"name": "elf-section",
"requiredOneOf": [
"text",
"name",
"md5",
"sha1",
"sha224",
"sha256",
"sha384",
"sha512",
"sha512/224",
"sha512/256"
],
"uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
"version": 4
}