From 26c2767228d9a0ea11b40fcae5dc6ebc269f2641 Mon Sep 17 00:00:00 2001
From: goodlandsecurity
Date: Thu, 25 Aug 2022 15:56:36 -0500
Subject: [PATCH] allow multiple of certain types. bump version
---
 .../spearphishing-attachment/definition.json | 19 +++++++++++++++++--
 objects/spearphishing-link/definition.json | 10 ++++++++--
 2 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/objects/spearphishing-attachment/definition.json b/objects/spearphishing-attachment/definition.json
index c438049..5dd791b 100644
--- a/objects/spearphishing-attachment/definition.json
+++ b/objects/spearphishing-attachment/definition.json
@@ -3,26 +3,31 @@
 "artifact-dropped-md5": {
 "description": "The MD5 of an additional file that was either extracted from or downloaded by the attachment.",
 "misp-attribute": "md5",
+ "multiple": true,
 "ui-priority": 1
 },
 "artifact-dropped-name": {
 "description": "Name of an additional file that was either extracted from or downloaded by the attachment.",
 "misp-attribute": "filename",
+ "multiple": true,
 "ui-priority": 0
 },
 "artifact-dropped-sha1": {
 "description": "The SHA1 of an additional file that was either extracted from or downloaded by the attachment.",
 "misp-attribute": "sha1",
+ "multiple": true,
 "ui-priority": 1
 },
 "artifact-dropped-sha256": {
 "description": "The SHA256 of an additional file that was either extracted from or downloaded by the attachment.",
 "misp-attribute": "sha256",
+ "multiple": true,
 "ui-priority": 1
 },
 "attachment-md5": {
 "description": "The MD5 of the file that was attached to the e-mail itself.",
 "misp-attribute": "md5",
+ "multiple": true,
 "ui-priority": 1
 },
 "attachment-name": {
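Review bot: With `"multiple": true` on `artifact-dropped-md5`, `artifact-dropped-sha1`, `artifact-dropped-sha256` and `artifact-dropped-name` (and on `attachment-md5` here plus `attachment-sha1`/`attachment-sha256` in the `@@ -33,26 +38,31 @@` hunk), one object can now hold hashes of several files with nothing recording which MD5, SHA1, SHA256 and name describe the same file. Analysts correlating or exporting these values would have to guess the pairing, so the descriptions should say how to record more than one file, for example `"description": "The SHA256 of an additional file that was either extracted from or downloaded by the attachment. For several files, prefer one related file object per file so hashes and names stay paired."`. The `attachment-name` entry opens on the hunk's last line and its body lies outside the hunk, so whether it is multi-valued as well cannot be seen here.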
@@ -33,26 +38,31 @@
 "attachment-sha1": {
 "description": "The SHA1 of the file that was attached to the e-mail itself.",
 "misp-attribute": "sha1",
+ "multiple": true,
 "ui-priority": 1
 },
 "attachment-sha256": {
 "description": "The SHA256 of the file that was attached to the e-mail itself.",
 "misp-attribute": "sha256",
+ "multiple": true,
 "ui-priority": 1
 },
 "c2-domain": {
 "description": "Command and control domain detected during analysis.",
 "misp-attribute": "domain",
+ "multiple": true,
 "ui-priority": 1
 },
 "c2-ip": {
 "description": "Command and control IP address detected during analysis.",
 "misp-attribute": "ip-dst",
+ "multiple": true,
 "ui-priority": 1
 },
 "c2-url": {
 "description": "Command and control URL detected during analysis.",
 "misp-attribute": "url",
+ "multiple": true,
 "ui-priority": 1
 },
 "date": {
@@ -64,26 +74,31 @@
 "email-sender": {
 "description": "The source address from which the e-mail was sent.",
 "misp-attribute": "email-src",
+ "multiple": true,
 "ui-priority": 1
 },
 "malicious-url": {
 "description": "Malicious URL that downloaded additional malware.",
 "misp-attribute": "url",
+ "multiple": true,
 "ui-priority": 1
 },
 "research-links": {
 "description": "A link to an external analysis (VirusTotal, urlscan, etc.).",
 "misp-attribute": "link",
+ "multiple": true,
 "ui-priority": 0
 },
 "sender-ip": {
 "description": "The source IP from which the e-mail was sent.",
 "misp-attribute": "ip-src",
+ "multiple": true,
 "ui-priority": 1
 },
 "subject": {
 "description": "The subject line of the e-mail.",
 "misp-attribute": "email-subject",
+ "multiple": true,
 "ui-priority": 1
 },
 "supporting-evidence": {
@@ -105,5 +120,5 @@
 "attachment-sha256"
 ],
 "uuid": "5dfcd9a9-d10c-48ae-9ba4-13c2428a994a",
- "version": 20220520
-}
\ No newline at end of file
+ "version": 20220825
+}
diff --git a/objects/spearphishing-link/definition.json b/objects/spearphishing-link/definition.json
index 43c6053..4a3420c 100644
--- a/objects/spearphishing-link/definition.json
+++ b/objects/spearphishing-link/definition.json
@@ -9,31 +9,37 @@
 "email-sender": {
 "description": "The source address from which the e-mail was sent.",
 "misp-attribute": "email-src",
+ "multiple": true,
 "ui-priority": 1
 },
 "embedded-link": {
 "description": "The malicious URL in the e-mail body.",
 "misp-attribute": "url",
+ "multiple": true,
 "ui-priority": 1
 },
 "redirect-url": {
 "description": "The redirect URL, if any, from the malicious embedded link.",
 "misp-attribute": "url",
+ "multiple": true,
 "ui-priority": 0
 },
 "research-links": {
 "description": "A link to an external analysis (VirusTotal, urlscan, etc.).",
 "misp-attribute": "link",
+ "multiple": true,
 "ui-priority": 0
 },
 "sender-ip": {
 "description": "The source IP from which the e-mail was sent.",
 "misp-attribute": "ip-src",
+ "multiple": true,
 "ui-priority": 1
 },
 "subject": {
 "description": "The subject line of the e-mail.",
 "misp-attribute": "email-subject",
+ "multiple": true,
 "ui-priority": 1
 },
 "supporting-evidence": {
@@ -51,5 +57,5 @@
 "embedded-link"
 ],
 "uuid": "4e758e53-6c84-47b0-a19b-362f587059e2",
- "version": 20220520
-}
\ No newline at end of file
+ "version": 20220825
+}
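Review bot: `redirect-url` is still described as the redirect from "the malicious embedded link", but with both `embedded-link` and `redirect-url` now `"multiple": true` an object can list several links and several redirects without saying which redirect belongs to which link. That makes the redirect chain unreadable from the object, which matters when the values are used for blocking or hunting. Either the description should state the limitation, e.g. `"description": "A redirect URL, if any, reached from one of the malicious embedded links; the object does not record which link led to it."`, or `redirect-url` could stay single-valued with one object per link. The enclosing attribute map begins above the hunk, and the `supporting-evidence` entry the hunk ends on continues outside it.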