misp-objects/objects/ransom-negotiation/definition.json

{
  "attributes": {
    "wallet-address": {
      "description": "A cryptocoin wallet address",
      "disable_correlation": false,
      "misp-attribute": "btc",
      "ui-priority": 6
    },
    "time": {
      "description": "Date and time of transaction",
      "disable_correlation": true,
      "misp-attribute": "datetime",
      "ui-priority": 5
    },
    "initial_ransom": {
      "description": "Initial ransom demand in the currency as displayed in field 'currency'",
      "disable_correlation": true,
      "misp-attribute": "float",
      "ui-priority": 0
    },
    "final_ransom":{
      "description": "Final ransom amount after negotiations, in the currency as displayed in field 'currency'",
      "disable_correlation": true,
      "misp-attribute": "float",
      "ui-priority": 1
    },
    "currency":{
      "description": "The currency of the initial demand. Often USD or BTC.",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 3
    },
    "value_EUR": {
      "description": "Value in EUR of the final ransom amount, with conversion rate as of date/time displayed in field 'time'",
      "disable_correlation": true,
      "misp-attribute": "float",
      "ui-priority": 4
    },
    "annual_revenue_EUR": {
      "description": "Annual revenue of the targeted organisation in EUR",
      "disable_correlation": true,
      "misp-attribute": "float",
      "ui-priority": 7
    },
    "data_stolen": {
      "description": "Was data exfiltrated in this incident?",
      "disable_correlation": true,
      "misp-attribute": "boolean",
      "ui-priority": 9
    },
    "data_leaked": {
      "description": "Was data leaked in this incident?",
      "disable_correlation": true,
      "misp-attribute": "boolean",
      "ui-priority": 10
    },
    "url_leaksite": {
      "description": "URL of the leaksite",
      "disable_correlation": false,
      "misp-attribute": "url",
      "ui-priority": 11
    },
    "email_address": {
      "description": "Contact address, if any",
      "disable_correlation": false,
      "misp-attribute": "text",
      "ui-priority": 12
    },
    "Remarks": {
      "description": "Remarks",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 13
    },
    "percentage_of_revenue": {
      "description": "Percentage of the annual revenue that the ransom demand amounts to",
      "disable_correlation": true,
      "misp-attribute": "float",
      "ui-priority": 8
    },
    "negotiations_transcript": {
    "description": "Transcript of the negotiations",
    "disable_correlation": true,
    "misp-attribute": "text",
    "ui-priority": 14
    },
    "negotiations_screenshot": {
    "description": "Screenshot of the negotiations",
    "disable_correlation": true,
    "misp-attribute": "text",
    "ui-priority": 15
    },
    "discount": {
      "description": "Discount after negotiations",
      "disable_correlation": true,
      "misp-attribute": "float",
      "ui-priority": 2
    }
  },
  "description": "An object to describe ransom negotiations, as seen in ransomware incidents.",
  "meta-category": "financial",
  "name": "ransom-negotiation",
  "requiredOneOf": [
    "wallet-address"
  ],
  "uuid": "FB72F951-DE2E-4B54-A570-8FC560A74B06",
  "version": 1.1
}
Initial commit 2022-05-04 16:49:17 +02:00			`{`
			`"attributes": {`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`"wallet-address": {`
			`"description": "A cryptocoin wallet address",`
			`"disable_correlation": false,`
			`"misp-attribute": "btc",`
			`"ui-priority": 6`
			`},`
			`"time": {`
			`"description": "Date and time of transaction",`
			`"disable_correlation": true,`
			`"misp-attribute": "datetime",`
			`"ui-priority": 5`
			`},`
			`"initial_ransom": {`
			`"description": "Initial ransom demand in the currency as displayed in field 'currency'",`
Initial commit 2022-05-04 16:49:17 +02:00			`"disable_correlation": true,`
			`"misp-attribute": "float",`
			`"ui-priority": 0`
			`},`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`"final_ransom":{`
			`"description": "Final ransom amount after negotiations, in the currency as displayed in field 'currency'",`
Initial commit 2022-05-04 16:49:17 +02:00			`"disable_correlation": true,`
			`"misp-attribute": "float",`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`"ui-priority": 1`
Initial commit 2022-05-04 16:49:17 +02:00			`},`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`"currency":{`
			`"description": "The currency of the initial demand. Often USD or BTC.",`
			`"disable_correlation": true,`
			`"misp-attribute": "text",`
			`"ui-priority": 3`
			`},`
			`"value_EUR": {`
			`"description": "Value in EUR of the final ransom amount, with conversion rate as of date/time displayed in field 'time'",`
Initial commit 2022-05-04 16:49:17 +02:00			`"disable_correlation": true,`
			`"misp-attribute": "float",`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`"ui-priority": 4`
Initial commit 2022-05-04 16:49:17 +02:00			`},`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`"annual_revenue_EUR": {`
			`"description": "Annual revenue of the targeted organisation in EUR",`
Initial commit 2022-05-04 16:49:17 +02:00			`"disable_correlation": true,`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`"misp-attribute": "float",`
			`"ui-priority": 7`
Initial commit 2022-05-04 16:49:17 +02:00			`},`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`"data_stolen": {`
			`"description": "Was data exfiltrated in this incident?",`
			`"disable_correlation": true,`
			`"misp-attribute": "boolean",`
			`"ui-priority": 9`
			`},`
Fixed email attribute type, fixed typo 2022-05-05 15:38:19 +02:00			`"data_leaked": {`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`"description": "Was data leaked in this incident?",`
			`"disable_correlation": true,`
			`"misp-attribute": "boolean",`
			`"ui-priority": 10`
			`},`
			`"url_leaksite": {`
			`"description": "URL of the leaksite",`
			`"disable_correlation": false,`
			`"misp-attribute": "url",`
			`"ui-priority": 11`
			`},`
			`"email_address": {`
			`"description": "Contact address, if any",`
			`"disable_correlation": false,`
Fixed email attribute type, fixed typo 2022-05-05 15:38:19 +02:00			`"misp-attribute": "text",`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`"ui-priority": 12`
			`},`
			`"Remarks": {`
			`"description": "Remarks",`
			`"disable_correlation": true,`
			`"misp-attribute": "text",`
			`"ui-priority": 13`
			`},`
			`"percentage_of_revenue": {`
			`"description": "Percentage of the annual revenue that the ransom demand amounts to",`
			`"disable_correlation": true,`
			`"misp-attribute": "float",`
			`"ui-priority": 8`
			`},`
Added transcript and screenshot fields 2022-05-05 15:48:31 +02:00			`"negotiations_transcript": {`
			`"description": "Transcript of the negotiations",`
			`"disable_correlation": true,`
			`"misp-attribute": "text",`
			`"ui-priority": 14`
			`},`
			`"negotiations_screenshot": {`
			`"description": "Screenshot of the negotiations",`
			`"disable_correlation": true,`
			`"misp-attribute": "text",`
			`"ui-priority": 15`
			`},`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`"discount": {`
			`"description": "Discount after negotiations",`
			`"disable_correlation": true,`
			`"misp-attribute": "float",`
			`"ui-priority": 2`
Initial commit 2022-05-04 16:49:17 +02:00			`}`
			`},`
			`"description": "An object to describe ransom negotiations, as seen in ransomware incidents.",`
			`"meta-category": "financial",`
			`"name": "ransom-negotiation",`
			`"requiredOneOf": [`
			`"wallet-address"`
			`],`
			`"uuid": "FB72F951-DE2E-4B54-A570-8FC560A74B06",`
Added transcript and screenshot fields 2022-05-05 15:48:31 +02:00			`"version": 1.1`
Initial commit 2022-05-04 16:49:17 +02:00			`}`