From 5df2b85367d878a913fac3b62a1b62ae50d982a2 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Thu, 1 Oct 2020 15:07:02 +0200
Subject: [PATCH 1/2] chg: [types] updated
---
categories-and-types/README.md | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/categories-and-types/README.md b/categories-and-types/README.md
index f310bbe..a58deac 100644
--- a/categories-and-types/README.md
+++ b/categories-and-types/README.md
@@ -113,6 +113,7 @@
|passport-country| | | | | | |
|passport-expiration| | | | | | |
|passport-number| | | | | | |
+|pattern-filename| | | | | | |
|pattern-in-file| | X | | X | | |
|pattern-in-memory| | X | | X | | |
|pattern-in-traffic| | | | X | | |
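Review bot: The new `pattern-filename` row has no X in any of the six columns of this table, while the neighbouring `pattern-in-file` and `pattern-in-memory` rows mark columns 2 and 4. The same row is also empty in the other two table hunks of this patch, so as written the type is not shown as valid in any category covered by these hunks. If it is meant to be usable alongside the other pattern types, mark the matching columns here; if the empty row is intentional, a sentence in the commit message saying so would help.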
@@ -294,6 +295,7 @@
|passport-country| | | | | | |
|passport-expiration| | | | | | |
|passport-number| | | | | | |
+|pattern-filename| | | | | | |
|pattern-in-file| X | | X | X | | |
|pattern-in-memory| | | | X | | |
|pattern-in-traffic| X | | X | X | | |
@@ -475,6 +477,7 @@
|passport-country| X | | | |
|passport-expiration| X | | | |
|passport-number| X | | | |
+|pattern-filename| | | | |
|pattern-in-file| | | | |
|pattern-in-memory| | | | |
|pattern-in-traffic| | | | |
@@ -676,6 +679,7 @@
* **passport-country**: The country in which the passport was issued
* **passport-expiration**: The expiration date of a passport
* **passport-number**: The passport number of a natural person
+* **pattern-filename**: A pattern in the name of a file
* **pattern-in-file**: Pattern in file that identifies the malware
* **pattern-in-memory**: Pattern in memory dump that identifies the malware
* **pattern-in-traffic**: Pattern in network traffic that identifies the malware
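Review bot: The description added for `pattern-filename` ("A pattern in the name of a file") does not say what kind of pattern is expected or what it is meant to match, whereas the three `pattern-in-*` entries below it all end with "that identifies the malware". Suggest aligning the wording, for example "Pattern in the name of a file that identifies the malware", and stating the expected pattern syntax (substring, glob or regular expression) so producers and consumers interpret the value the same way.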
From 877f3ffc0580c63999e34204d901623ccef0dc06 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Tue, 13 Oct 2020 22:31:47 +0200
Subject: [PATCH 2/2] chg: [type] telfhash added
---
categories-and-types/README.md | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/categories-and-types/README.md b/categories-and-types/README.md
index a58deac..6ccbc62 100644
--- a/categories-and-types/README.md
+++ b/categories-and-types/README.md
@@ -156,6 +156,7 @@
|target-machine| | | | | | |
|target-org| | | | | | |
|target-user| | | | | | |
+|telfhash| | X | | | | |
|text| X | X | X | X | X | X |
|threat-actor| | | X | | | |
|tlsh| | | | | | |
@@ -338,6 +339,7 @@
|target-machine| | | | | | |
|target-org| | | | | | |
|target-user| | | | | | |
+|telfhash| | | X | X | | |
|text| X | X | X | X | X | X |
|threat-actor| | | | | | |
|tlsh| | | X | X | | |
@@ -520,6 +522,7 @@
|target-machine| | | | X |
|target-org| | | | X |
|target-user| | | | X |
+|telfhash| | | | |
|text| X | X | X | |
|threat-actor| | | | |
|tlsh| | | | |
@@ -722,6 +725,7 @@
* **target-machine**: Attack Targets Machine Name(s)
* **target-org**: Attack Targets Department or Organization(s)
* **target-user**: Attack Targets Username(s)
+* **telfhash**: telfhash is symbol hash for ELF files, just like imphash is imports hash for PE files.
* **text**: Name, ID or a reference
* **threat-actor**: A string identifying the threat actor
* **tlsh**: A checksum in the Trend Micro Locality Sensitive Hash format
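Review bot: The `telfhash` description repeats the type name and drops its articles ("telfhash is symbol hash for ELF files, just like imphash is imports hash for PE files."), unlike the neighbouring entries, which start directly with the definition. Suggest something like "A symbol hash for ELF files, analogous to the imphash import hash for PE files", without the trailing full stop, to match the other list items.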