From 36eed9b0aa51c9eddbac9e44857fc24b324f3bdf Mon Sep 17 00:00:00 2001
From: Iglocska <andras.iklody@gmail.com>
Date: Sat, 15 Oct 2016 14:46:25 +0200
Subject: [PATCH] Added data field to attributes and shadow attributes

---
 misp-core-format/raw.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/misp-core-format/raw.md b/misp-core-format/raw.md
index 5583ecc..3eb8090 100644
--- a/misp-core-format/raw.md
+++ b/misp-core-format/raw.md
@@ -404,6 +404,13 @@ deleted represents a setting that allows attributes to be revoked. Revoked attri
 
 deleted is represented by a JSON boolean. deleted **MUST** be present.
 
+#### data
+
+data contains the base64 encoded contents of an attachment or a malware sample. For malware samples, 
+the sample **MUST** be encrypted using a password protected zip archive, with the password being "infected". 
+
+data is represented by a JSON string in base64 encoding. data **MUST** be set for attributes of type malware-sample and attachment.
+
 #### RelatedAttribute
 
 RelatedAttribute is an array of attributes correlating with the current attribute. Each element in the array represents an JSON object which contains an Attribute dictionnary with the external attributes who correlate. Each Attribute **MUST** include the id, org_id, info and a value. Only the correlations found on the local instance are shown in RelatedAttribute.
@@ -578,6 +585,13 @@ deleted represents a setting that allows shadow attributes to be revoked. Revoke
 
 deleted is represented by a JSON boolean. deleted **SHOULD** be present.
 
+#### data
+
+data contains the base64 encoded contents of an attachment or a malware sample. For malware samples, 
+the sample **MUST** be encrypted using a password protected zip archive, with the password being "infected". 
+
+data is represented by a JSON string in base64 encoding. data **MUST** be set for shadow attributes of type malware-sample and attachment.
+
 ### Org
 
 An Org object is composed of an uuid, name and id.