From d60112ee661f5b006ae5f631f9e0f59c00c03a1b Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Fri, 17 Feb 2023 10:33:59 +0100
Subject: [PATCH] new: [ransomware-group-post] First draft object for
 ransomlook.io

---
 objects/ransomware-group-post/definition.json | 34 +++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 objects/ransomware-group-post/definition.json

diff --git a/objects/ransomware-group-post/definition.json b/objects/ransomware-group-post/definition.json
new file mode 100644
index 0000000..c9e1852
--- /dev/null
+++ b/objects/ransomware-group-post/definition.json
@@ -0,0 +1,34 @@
+{
+  "attributes": {
+    "date": {
+      "description": "Last update of the post as seen on the ransomware group blog. Different than the first/last seen from the crawling.",
+      "misp-attribute": "datetime",
+      "ui-priority": 0
+    },
+    "description": {
+      "description": "Raw post.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    },
+    "link": {
+      "description": "Original URL location of the post.",
+      "misp-attribute": "link",
+      "ui-priority": 1
+    },
+    "title": {
+      "description": "Title of blog post.",
+      "misp-attribute": "text",
+      "ui-priority": 1
+    }
+  },
+  "description": "Ransomware group post as monitored by ransomlook.io",
+  "meta-category": "misc",
+  "name": "ransomware-group-post",
+  "requiredOneOf": [
+    "title",
+    "description",
+    "link"
+  ],
+  "uuid": "52a0e179-4942-41e6-90f5-7db856fd6f39",
+  "version": 1
+}
\ No newline at end of file