MISP mapping changed key as object to add optional fields like colour,

description.

mapping/mapping.json

@@ -1,44 +1,59 @@
 {
-  "ransomware": [
+  "DDoS": {
-    "veris:action:malware:variety=\"Ransomware\"",
+    "values": [
-    "ecsirt:malicious-code=\"ransomware\"",
+      "ecsirt:availability=\"ddos\"",
-    "enisa:nefarious-activity-abuse=\"ransomware\"",
+      "europol-incident:availability=\"dos-ddos\"",
-    "malware_classification:malware-category=\"Ransomware\"",
+      "ms-caro-malware:malware-type=\"DDoS\"",
-    "ms-caro-malware:malware-type=\"Ransom\"",
+      "circl:incident-classification=\"denial-of-service\"",
-    "veris:action:malware:variety=\"Ransomware\""
+      "enisa:nefarious-activity-abuse=\"denial-of-service\""
-  ],
+    ]
-  "Remote Access Tool": [
+  },
-    "enisa:nefarious-activity-abuse=\"remote-access-tool\"",
+  "SQLi": {
-    "ms-caro-malware:malware-type=\"RemoteAccess\""
+    "values": [
-  ],
+      "circl:incident-classification=\"sql-injection\"",
-  "malware": [
+      "veris:action:malware:variety=\"SQL injection\"",
-    "ecsirt:malicious-code=\"malware\"",
+      "veris:action:hacking:variety=\"SQLi\"",
-    "circl:incident-classification=\"malware\""
+      "enisa:nefarious-activity-abuse=\"web-application-attacks-injection-attacks-code-injection-SQL-XSS\"",
-  ],
+      "europol-event:sql-injection"
-  "exploit": [
+    ]
-    "veris:action:malware:variety=\"Exploit vuln\"",
+  },
-    "ecsirt:intrusion-attempts=\"exploit\"",
+  "rootkit": {
-    "europol-event:exploit",
+    "values": [
-    "europol-incident:intrusion=\"exploitation-vulnerability\"",
+      "veris:action:malware:variety=\"Rootkit\"",
-    "ms-caro-malware:malware-type=\"Exploit\""
+      "enisa:nefarious-activity-abuse=\"rootkits\"",
-  ],
+      "malware_classification:malware-category=\"Rootkit\""
-  "rootkit": [
+    ]
-   "veris:action:malware:variety=\"Rootkit\"",
+  },
-   "enisa:nefarious-activity-abuse=\"rootkits\"",
+  "exploit": {
-   "malware_classification:malware-category=\"Rootkit\""
+    "values": [
-  ],
+      "veris:action:malware:variety=\"Exploit vuln\"",
-  "SQLi": [
+      "ecsirt:intrusion-attempts=\"exploit\"",
-   "circl:incident-classification=\"sql-injection\"",
+      "europol-event:exploit",
-   "veris:action:malware:variety=\"SQL injection\"",
+      "europol-incident:intrusion=\"exploitation-vulnerability\"",
-   "veris:action:hacking:variety=\"SQLi\"",
+      "ms-caro-malware:malware-type=\"Exploit\""
-   "enisa:nefarious-activity-abuse=\"web-application-attacks-injection-attacks-code-injection-SQL-XSS\"",
+    ]
-   "europol-event:sql-injection"
+  },
-  ],
+  "malware": {
-  "DDoS": [
+    "values": [
-   "ecsirt:availability=\"ddos\"",
+      "ecsirt:malicious-code=\"malware\"",
-   "europol-incident:availability=\"dos-ddos\"",
+      "circl:incident-classification=\"malware\""
-   "ms-caro-malware:malware-type=\"DDoS\"",
+    ]
-   "circl:incident-classification=\"denial-of-service\"",
+  },
-   "enisa:nefarious-activity-abuse=\"denial-of-service\""
+  "Remote Access Tool": {
-  ]
+    "values": [
+      "enisa:nefarious-activity-abuse=\"remote-access-tool\"",
+      "ms-caro-malware:malware-type=\"RemoteAccess\""
+    ]
+  },
+  "ransomware": {
+    "values": [
+      "veris:action:malware:variety=\"Ransomware\"",
+      "ecsirt:malicious-code=\"ransomware\"",
+      "enisa:nefarious-activity-abuse=\"ransomware\"",
+      "malware_classification:malware-category=\"Ransomware\"",
+      "ms-caro-malware:malware-type=\"Ransom\"",
+      "veris:action:malware:variety=\"Ransomware\""
+    ],
+    "description": "Ransomware is computer malware that installs covertly on a victim's computer, executes a cryptovirology attack that adversely affects it, and demands a ransom payment to decrypt it or not publish it. (as defined by Wikipedia)"
+  }
 }