misp-objects/objects/ransom-negotiation/definition.json

{
  "attributes": {
    "Remarks": {
      "description": "Remarks",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 860
    },
    "annual_revenue_EUR": {
      "description": "Annual revenue of the targeted organisation in EUR",
      "disable_correlation": true,
      "misp-attribute": "float",
      "ui-priority": 920
    },
    "chatsite": {
      "description": "Chatsite where the negotiations take place",
      "disable_correlation": true,
      "misp-attribute": "url",
      "to_ids": false,
      "ui-priority": 835
    },
    "chatsite_id_private": {
      "description": "Second, private, chat ID given by actor",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 833
    },
    "chatsite_id_public": {
      "description": "Initial chat ID given by actor",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 834
    },
    "currency": {
      "description": "The currency of the initial demand. Often USD or BTC.",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 960
    },
    "data_leaked": {
      "description": "Was data leaked in this incident?",
      "disable_correlation": true,
      "misp-attribute": "boolean",
      "sane_default": [
        "True",
        "False"
      ],
      "ui-priority": 890
    },
    "data_stolen": {
      "description": "Was data exfiltrated in this incident?",
      "disable_correlation": true,
      "misp-attribute": "boolean",
      "sane_default": [
        "True",
        "False"
      ],
      "ui-priority": 900
    },
    "discount": {
      "description": "Discount after negotiations",
      "disable_correlation": true,
      "misp-attribute": "float",
      "ui-priority": 970
    },
    "email_address": {
      "description": "Contact address, if any",
      "disable_correlation": false,
      "misp-attribute": "text",
      "ui-priority": 870
    },
    "final_ransom": {
      "description": "Final ransom amount after negotiations, in the currency as displayed in field 'currency'",
      "disable_correlation": true,
      "misp-attribute": "float",
      "ui-priority": 980
    },
    "initial_ransom": {
      "description": "Initial ransom demand in the currency as displayed in field 'currency'",
      "disable_correlation": true,
      "misp-attribute": "float",
      "ui-priority": 900
    },
    "negotiations_screenshot": {
      "description": "Screenshot of the negotiations",
      "disable_correlation": true,
      "misp-attribute": "attachment",
      "multiple": true,
      "ui-priority": 840
    },
    "negotiations_transcript": {
      "description": "Transcript of the negotiations",
      "disable_correlation": true,
      "misp-attribute": "text",
      "ui-priority": 850
    },
    "pay_for_deletion": {
      "description": "Does the target need/want to pay for data deletion",
      "disable_correlation": true,
      "misp-attribute": "boolean",
      "sane_default": [
        "True",
        "False"
      ],
      "ui-priority": 906
    },
    "pay_for_encryptor": {
      "description": "Does the target need/want to pay for the decryptor",
      "disable_correlation": true,
      "misp-attribute": "boolean",
      "sane_default": [
        "True",
        "False"
      ],
      "ui-priority": 908
    },
    "percentage_of_revenue": {
      "description": "Percentage of the annual revenue that the ransom demand amounts to",
      "disable_correlation": true,
      "misp-attribute": "float",
      "ui-priority": 910
    },
    "time": {
      "description": "Date and time of transaction",
      "disable_correlation": true,
      "misp-attribute": "datetime",
      "ui-priority": 940
    },
    "url_leaksite": {
      "description": "URL of the leaksite",
      "disable_correlation": false,
      "misp-attribute": "url",
      "ui-priority": 880
    },
    "value_EUR": {
      "description": "Value in EUR of the final ransom amount, with conversion rate as of date/time displayed in field 'time'",
      "disable_correlation": true,
      "misp-attribute": "float",
      "ui-priority": 950
    },
    "wallet-address": {
      "description": "A cryptocoin wallet address",
      "disable_correlation": false,
      "misp-attribute": "btc",
      "ui-priority": 930
    }
  },
  "description": "An object to describe ransom negotiations, as seen in ransomware incidents.",
  "meta-category": "financial",
  "name": "ransom-negotiation",
  "uuid": "FB72F951-DE2E-4B54-A570-8FC560A74B06",
  "version": 2
}
Initial commit 2022-05-04 16:49:17 +02:00			`{`
			`"attributes": {`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"Remarks": {`
			`"description": "Remarks",`
Initial commit 2022-05-04 16:49:17 +02:00			`"disable_correlation": true,`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"misp-attribute": "text",`
			`"ui-priority": 860`
Initial commit 2022-05-04 16:49:17 +02:00			`},`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"annual_revenue_EUR": {`
			`"description": "Annual revenue of the targeted organisation in EUR",`
Initial commit 2022-05-04 16:49:17 +02:00			`"disable_correlation": true,`
			`"misp-attribute": "float",`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"ui-priority": 920`
Initial commit 2022-05-04 16:49:17 +02:00			`},`
Added fields 2022-05-20 15:53:29 +02:00			`"chatsite": {`
			`"description": "Chatsite where the negotiations take place",`
			`"disable_correlation": true,`
			`"misp-attribute": "url",`
			`"to_ids": false,`
			`"ui-priority": 835`
			`},`
			`"chatsite_id_private": {`
			`"description": "Second, private, chat ID given by actor",`
			`"disable_correlation": true,`
			`"misp-attribute": "text",`
			`"ui-priority": 833`
			`},`
			`"chatsite_id_public": {`
			`"description": "Initial chat ID given by actor",`
			`"disable_correlation": true,`
			`"misp-attribute": "text",`
			`"ui-priority": 834`
			`},`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"currency": {`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`"description": "The currency of the initial demand. Often USD or BTC.",`
			`"disable_correlation": true,`
			`"misp-attribute": "text",`
Added need/want for decryptor and data deletion 2022-05-06 13:25:31 +02:00			`"ui-priority": 960`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`},`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"data_leaked": {`
			`"description": "Was data leaked in this incident?",`
Initial commit 2022-05-04 16:49:17 +02:00			`"disable_correlation": true,`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"misp-attribute": "boolean",`
Added sane defaults to all booleans 2022-05-06 13:48:12 +02:00			`"sane_default": [`
			`"True",`
			`"False"`
			`],`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"ui-priority": 890`
Initial commit 2022-05-04 16:49:17 +02:00			`},`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`"data_stolen": {`
			`"description": "Was data exfiltrated in this incident?",`
			`"disable_correlation": true,`
			`"misp-attribute": "boolean",`
Added sane defaults to all booleans 2022-05-06 13:48:12 +02:00			`"sane_default": [`
			`"True",`
			`"False"`
			`],`
Added need/want for decryptor and data deletion 2022-05-06 13:25:31 +02:00			`"ui-priority": 900`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`},`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"discount": {`
			`"description": "Discount after negotiations",`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`"disable_correlation": true,`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"misp-attribute": "float",`
			`"ui-priority": 970`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`},`
			`"email_address": {`
			`"description": "Contact address, if any",`
			`"disable_correlation": false,`
Fixed email attribute type, fixed typo 2022-05-05 15:38:19 +02:00			`"misp-attribute": "text",`
Added need/want for decryptor and data deletion 2022-05-06 13:25:31 +02:00			`"ui-priority": 870`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`},`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"final_ransom": {`
			`"description": "Final ransom amount after negotiations, in the currency as displayed in field 'currency'",`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`"disable_correlation": true,`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"misp-attribute": "float",`
			`"ui-priority": 980`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`},`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"initial_ransom": {`
			`"description": "Initial ransom demand in the currency as displayed in field 'currency'",`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`"disable_correlation": true,`
			`"misp-attribute": "float",`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"ui-priority": 900`
Added need/want for decryptor and data deletion 2022-05-06 13:25:31 +02:00			`},`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"negotiations_screenshot": {`
			`"description": "Screenshot of the negotiations",`
			`"disable_correlation": true,`
			`"misp-attribute": "attachment",`
Added fields 2022-05-20 15:53:29 +02:00			`"multiple": true,`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"ui-priority": 840`
			`},`
			`"negotiations_transcript": {`
			`"description": "Transcript of the negotiations",`
			`"disable_correlation": true,`
			`"misp-attribute": "text",`
			`"ui-priority": 850`
			`},`
			`"pay_for_deletion": {`
Fixed spelling mistakes 2022-05-06 14:09:50 +02:00			`"description": "Does the target need/want to pay for data deletion",`
Added need/want for decryptor and data deletion 2022-05-06 13:25:31 +02:00			`"disable_correlation": true,`
			`"misp-attribute": "boolean",`
			`"sane_default": [`
			`"True",`
			`"False"`
			`],`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"ui-priority": 906`
Added need/want for decryptor and data deletion 2022-05-06 13:25:31 +02:00			`},`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"pay_for_encryptor": {`
Fixed spelling mistakes 2022-05-06 14:09:50 +02:00			`"description": "Does the target need/want to pay for the decryptor",`
Added need/want for decryptor and data deletion 2022-05-06 13:25:31 +02:00			`"disable_correlation": true,`
			`"misp-attribute": "boolean",`
			`"sane_default": [`
			`"True",`
			`"False"`
			`],`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"ui-priority": 908`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`},`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"percentage_of_revenue": {`
			`"description": "Percentage of the annual revenue that the ransom demand amounts to",`
			`"disable_correlation": true,`
			`"misp-attribute": "float",`
			`"ui-priority": 910`
Added transcript and screenshot fields 2022-05-05 15:48:31 +02:00			`},`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"time": {`
			`"description": "Date and time of transaction",`
			`"disable_correlation": true,`
			`"misp-attribute": "datetime",`
			`"ui-priority": 940`
Added transcript and screenshot fields 2022-05-05 15:48:31 +02:00			`},`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"url_leaksite": {`
			`"description": "URL of the leaksite",`
			`"disable_correlation": false,`
			`"misp-attribute": "url",`
			`"ui-priority": 880`
			`},`
			`"value_EUR": {`
			`"description": "Value in EUR of the final ransom amount, with conversion rate as of date/time displayed in field 'time'",`
v1 of ransom-negotiation object 2022-05-05 15:18:22 +02:00			`"disable_correlation": true,`
			`"misp-attribute": "float",`
bumped version number, fixed stray typo 2022-05-06 13:38:11 +02:00			`"ui-priority": 950`
			`},`
			`"wallet-address": {`
			`"description": "A cryptocoin wallet address",`
			`"disable_correlation": false,`
			`"misp-attribute": "btc",`
			`"ui-priority": 930`
Initial commit 2022-05-04 16:49:17 +02:00			`}`
			`},`
			`"description": "An object to describe ransom negotiations, as seen in ransomware incidents.",`
			`"meta-category": "financial",`
			`"name": "ransom-negotiation",`
			`"uuid": "FB72F951-DE2E-4B54-A570-8FC560A74B06",`
Added some field from feedback 2022-05-20 15:50:31 +02:00			`"version": 2`
Ran validation 2022-05-07 08:00:38 +02:00			`}`