From 732476d7cae836b02a7e0648f5349a7faae3c3f4 Mon Sep 17 00:00:00 2001
From: Sascha Rommelfangen <sascha@rommelfangen.de>
Date: Fri, 1 Feb 2019 09:37:31 +0100
Subject: [PATCH] added values valuable to operators

---
 objects/phishing/definition.json | 35 +++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)

diff --git a/objects/phishing/definition.json b/objects/phishing/definition.json
index 3fc7948..958295c 100644
--- a/objects/phishing/definition.json
+++ b/objects/phishing/definition.json
@@ -55,13 +55,46 @@
       "misp-attribute": "datetime",
       "disable_correlation": true
     },
+    "takedown-request": {
+      "description": "When the phishing was requested to be taken down",
+      "ui-priority": 0,
+      "misp-attribute": "datetime",
+      "disable_correlation": true
+    },
+    "takedown-request-to": {
+      "description": "Destination email address for take-down request",
+      "misp-attribute": "email-dst",
+      "disable_correlation": true,
+      "ui-priority": 1,
+      "categories": [
+        "Network activity"
+      ],
+      "multiple": true
+    },
     "target": {
       "description": "Targeted organisation by the phishing",
       "ui-priority": 0,
       "misp-attribute": "text"
+    },
+    "screenshot": {
+      "description": "Screenshot of phishing site",
+      "misp-attribute": "attachment",
+      "disable_correlation": true,
+      "ui-priority": 1,
+      "categories": [
+        "External analysis"
+      ]
+    },
+    "internal reference": {
+      "description": "Internal reference such as ticket ID",
+      "ui-priority": 1,
+      "misp-attribute": "text",
+      "categories": [
+        "Internal reference"
+      ]
     }
   },
-  "version": 1,
+  "version": 2,
   "description": "Phishing template to describe a phishing website and its analysis.",
   "meta-category": "network",
   "uuid": "2dad6f9d-d425-4217-8fda-0b0a2d815307",