From c4be2b515648d00e14acfdb10a05a33eeb72dcba Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Wed, 25 Oct 2017 16:24:40 +0200
Subject: [PATCH] update mapping

---
 mapping/mapping.json | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/mapping/mapping.json b/mapping/mapping.json
index 72c197e..0ae103e 100644
--- a/mapping/mapping.json
+++ b/mapping/mapping.json
@@ -69,6 +69,7 @@
   "scan": {
     "values": [
       "circl:incident-classification=\"scan\"",
+      "ecsirt:information-gathering=\"scanner\""
       "europol-incident:information-gathering=\"scanning\""
     ]
   },
@@ -148,20 +149,23 @@
   "Trojan": {
     "values": [
       "malware_classification:malware-category=\"Trojan\"",
-      "ms-caro-malware:malware-type=\"Trojan\""
+      "ms-caro-malware:malware-type=\"Trojan\"",
+      "ecsirt:malicious-code=\"trojan\""
     ]
   },
   "Virus": {
     "values": [
       "malware_classification:malware-category=\"Virus\"",
-      "ms-caro-malware:malware-type=\"Virus\""
+      "ms-caro-malware:malware-type=\"Virus\"",
+      "ecsirt:malicious-code=\"virus\""
     ]
   },
   "Worm": {
     "values": [
       "veris:action:malware:variety=\"Worm\"",
       "malware_classification:malware-category=\"Worm\"",
-      "ms-caro-malware:malware-type=\"Worm\""
+      "ms-caro-malware:malware-type=\"Worm\"",
+      "ecsirt:malicious-code=\"worm\""
     ]
   },
   "tlp-white": {