From 36bba25444d2a23b573108dbc5d35d5023dadd7e Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Wed, 18 Dec 2024 08:57:19 +0100
Subject: [PATCH 1/5] fix: [android-app] also includes SHA256 of the APK certificate
---
 objects/android-app/definition.json | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/objects/android-app/definition.json b/objects/android-app/definition.json
index 2216b3b4..39595487 100644
--- a/objects/android-app/definition.json
+++ b/objects/android-app/definition.json
@@ -7,11 +7,17 @@
 "ui-priority": 1
 },
 "certificate": {
- "description": "Android certificate",
+ "description": "Android certificate (SHA1)",
 "misp-attribute": "sha1",
 "multiple": true,
 "ui-priority": 1
 },
+ "certificate-sha256": {
+ "description": "Android certificate (SHA256)",
+ "misp-attribute": "sha256",
+ "multiple": true,
+ "ui-priority": 1
+ },
 "domain": {
 "description": "Domain used by the app",
 "misp-attribute": "domain",
@@ -39,5 +45,5 @@
 "sha256"
 ],
 "uuid": "92836f23-4730-4eae-82ac-9f00d5299735",
- "version": 1
+ "version": 2
 }
\ No newline at end of file
From d2cca68c23f262b1ff6bf7e05edea484879175d0 Mon Sep 17 00:00:00 2001
From: Romain Kieffer
Date: Thu, 19 Dec 2024 09:56:40 +0100
Subject: [PATCH 2/5] new: [spambee-report] Created an object to symbolize a Spambee analysis report in MISP
Signed-off-by: Romain Kieffer
---
 README.md | 1 +
 objects/spambee-report/definition.json | 54 ++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)
 create mode 100644 objects/spambee-report/definition.json
diff --git a/README.md b/README.md
index 3220f956..ab022d85 100644
--- a/README.md
+++ b/README.md
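Review bot: The new `certificate-sha256` entry in objects/android-app/definition.json stores a signing-certificate fingerprint under the generic `sha256` attribute type, which the template also appears to use for a file hash (a `"sha256"` entry is visible in the list closed just above `uuid` in the second hunk). Exports and detection feeds that select by attribute type would then treat certificate fingerprints as file hashes, so consider `"misp-attribute": "x509-fingerprint-sha256"` for the new field, leaving the existing `certificate` field on `sha1` for backward compatibility. Since SHA-1 fingerprints are weak against collisions, the description could also mark the new field as preferred, e.g. `"description": "SHA256 fingerprint of the APK signing certificate (preferred over SHA1)"`. The `attributes` object starts and ends outside the hunk.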
@@ -396,6 +396,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/sigmf-recording](https://github.com/MISP/misp-objects/blob/main/objects/sigmf-recording/definition.json) - An object representing a single IQ/RF sample in the Signal Metadata Format Specification (SigMF).
 - [objects/social-media-group](https://github.com/MISP/misp-objects/blob/main/objects/social-media-group/definition.json) - Social media group object template describing a public or private group or channel.
 - [objects/software](https://github.com/MISP/misp-objects/blob/main/objects/software/definition.json) - The Software object represents high-level properties associated with software, including software products. STIX 2.1 - 6.14.
+- [objects/spambee-report](https://github.com/MISP/misp-objects/main/objects/spambee-report/definition.json) - A Spambee analysis report.
 - [objects/spearphishing-attachment](https://github.com/MISP/misp-objects/blob/main/objects/spearphishing-attachment/definition.json) - Spearphishing Attachment.
 - [objects/spearphishing-link](https://github.com/MISP/misp-objects/blob/main/objects/spearphishing-link/definition.json) - Spearphishing Link.
 - [objects/splunk](https://github.com/MISP/misp-objects/blob/main/objects/splunk/definition.json) - Splunk / Splunk ES object.
diff --git a/objects/spambee-report/definition.json b/objects/spambee-report/definition.json
new file mode 100644
index 00000000..ce18eae6
--- /dev/null
+++ b/objects/spambee-report/definition.json
@@ -0,0 +1,54 @@
+{
+ "attributes": {
+ "privacy": {
+ "description": "User has requested privacy",
+ "misp-atrubute": "boolean",
+ "disable-correlation": true,
+ "ui-priority": 0
+ },
+ "feedback-requested": {
+ "description": "User has requested feedback",
+ "misp-atrubute": "boolean",
+ "disable-correlation": true,
+ "ui-priority": 0
+ },
+ "feedback-sent": {
+ "description": "Feedback has been sent to user",
+ "misp-atrubute": "boolean",
+ "disable-correlation": true,
+ "ui-priority": 0
+ },
+ "feedback-time": {
+ "description": "Timestamp of the feedback",
+ "misp-atrubute": "datetime",
+ "disable-correlation": true,
+ "ui-priority": 0
+ },
+ "report-uid": {
+ "categories": [
+ "Internal reference"
+ ],
+ "description": "Internal reference to the Spambee report",
+ "misp-atrubute": "text",
+ "disable-correlation": true,
+ "ui-priority": 0
+ },
+ "report-status": {
+ "categories": [
+ "External analysis"
+ ],
+ "description": "Result of the Spambee analysis for the submitted email",
+ "misp-atrubute": "text",
+ "disable-correlation": true,
+ "ui-priority": 0
+ }
+ },
+ "description": "A Spambee analysis report",
+ "meta-category": "network",
+ "name": "spambee-report",
+ "requiredOneOf": [
+ "report-uid"
+ ],
+ "uuid": "305d6e6c-bb4d-4b9a-abf5-9f34d1322352",
+ "version": 1
+}
From df070cdaf8235edbd8dadb430e8549ff342dd3cb Mon Sep 17 00:00:00 2001
From: Romain Kieffer
Date: Thu, 19 Dec 2024 10:36:08 +0100
Subject: [PATCH 3/5] chg: [spambee-object] Correct jq
Signed-off-by: Romain Kieffer
---
 objects/spambee-report/definition.json | 32 +++++++++++++-------------
 1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/objects/spambee-report/definition.json b/objects/spambee-report/definition.json
index ce18eae6..68566e3f 100644
--- a/objects/spambee-report/definition.json
+++ b/objects/spambee-report/definition.json
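Review bot: `report-status` in the new objects/spambee-report/definition.json is declared as free `text`, so one analysis verdict can be recorded under several spellings and cannot be filtered or alerted on reliably. If Spambee returns a fixed set of results, list them on that attribute with `sane_default` (or `values_list`). Every attribute in this file also spells the type key `misp-atrubute` and the flag `disable-correlation`; PATCH 4/5 and 5/5 correct both, but as committed here the template probably carries no usable attribute types and does not suppress correlation on `report-uid`. A `requiredOneOf` list with the single entry `report-uid` would read more clearly as `"required": ["report-uid"]`.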
@@ -1,36 +1,27 @@
 {
 "attributes": {
- "privacy": {
- "description": "User has requested privacy",
- "misp-atrubute": "boolean",
- "disable-correlation": true,
- "ui-priority": 0
- },
 "feedback-requested": {
 "description": "User has requested feedback",
- "misp-atrubute": "boolean",
 "disable-correlation": true,
+ "misp-atrubute": "boolean",
 "ui-priority": 0
 },
 "feedback-sent": {
 "description": "Feedback has been sent to user",
- "misp-atrubute": "boolean",
 "disable-correlation": true,
+ "misp-atrubute": "boolean",
 "ui-priority": 0
 },
 "feedback-time": {
 "description": "Timestamp of the feedback",
- "misp-atrubute": "datetime",
 "disable-correlation": true,
+ "misp-atrubute": "datetime",
 "ui-priority": 0
 },
- "report-uid": {
- "categories": [
- "Internal reference"
- ],
- "description": "Internal reference to the Spambee report",
- "misp-atrubute": "text",
+ "privacy": {
+ "description": "User has requested privacy",
 "disable-correlation": true,
+ "misp-atrubute": "boolean",
 "ui-priority": 0
 },
 "report-status": {
@@ -38,8 +29,17 @@
 "External analysis"
 ],
 "description": "Result of the Spambee analysis for the submitted email",
+ "disable-correlation": true,
 "misp-atrubute": "text",
+ "ui-priority": 0
+ },
+ "report-uid": {
+ "categories": [
+ "Internal reference"
+ ],
+ "description": "Internal reference to the Spambee report",
 "disable-correlation": true,
+ "misp-atrubute": "text",
 "ui-priority": 0
 }
 },
@@ -51,4 +51,4 @@
 ],
 "uuid": "305d6e6c-bb4d-4b9a-abf5-9f34d1322352",
 "version": 1
-}
+}
\ No newline at end of file
From 9ff2723ff51889e83bc568c6cf4f24350896a9d6 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Thu, 19 Dec 2024 10:48:20 +0100
Subject: [PATCH 4/5] fix: [spambee-report] updated
---
 objects/spambee-report/definition.json | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/objects/spambee-report/definition.json b/objects/spambee-report/definition.json
index 68566e3f..b4bc119b 100644
--- a/objects/spambee-report/definition.json
+++ b/objects/spambee-report/definition.json
@@ -3,25 +3,25 @@
 "feedback-requested": {
 "description": "User has requested feedback",
 "disable-correlation": true,
- "misp-atrubute": "boolean",
+ "misp-attribute": "boolean",
 "ui-priority": 0
 },
 "feedback-sent": {
 "description": "Feedback has been sent to user",
 "disable-correlation": true,
- "misp-atrubute": "boolean",
+ "misp-attribute": "boolean",
 "ui-priority": 0
 },
 "feedback-time": {
 "description": "Timestamp of the feedback",
 "disable-correlation": true,
- "misp-atrubute": "datetime",
+ "misp-attribute": "datetime",
 "ui-priority": 0
 },
 "privacy": {
 "description": "User has requested privacy",
 "disable-correlation": true,
- "misp-atrubute": "boolean",
+ "misp-attribute": "boolean",
 "ui-priority": 0
 },
 "report-status": {
@@ -30,7 +30,7 @@
 ],
 "description": "Result of the Spambee analysis for the submitted email",
 "disable-correlation": true,
- "misp-atrubute": "text",
+ "misp-attribute": "text",
 "ui-priority": 0
 },
 "report-uid": {
@@ -39,7 +39,7 @@
 ],
 "description": "Internal reference to the Spambee report",
 "disable-correlation": true,
- "misp-atrubute": "text",
+ "misp-attribute": "text",
 "ui-priority": 0
 }
 },
@@ -50,5 +50,5 @@
 "report-uid"
 ],
 "uuid": "305d6e6c-bb4d-4b9a-abf5-9f34d1322352",
- "version": 1
+ "version": 2
 }
\ No newline at end of file
From d3a5c2c02d3f0daf1cf1b07ef1deeb937d4c2ec1 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Thu, 19 Dec 2024 10:52:46 +0100
Subject: [PATCH 5/5] chg: [spambee-report] updated
---
 objects/spambee-report/definition.json | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/objects/spambee-report/definition.json b/objects/spambee-report/definition.json
index b4bc119b..b3d29d9b 100644
--- a/objects/spambee-report/definition.json
+++ b/objects/spambee-report/definition.json
@@ -2,25 +2,25 @@
 "attributes": {
 "feedback-requested": {
 "description": "User has requested feedback",
- "disable-correlation": true,
+ "disable_correlation": true,
 "misp-attribute": "boolean",
 "ui-priority": 0
 },
 "feedback-sent": {
 "description": "Feedback has been sent to user",
- "disable-correlation": true,
+ "disable_correlation": true,
 "misp-attribute": "boolean",
 "ui-priority": 0
 },
 "feedback-time": {
 "description": "Timestamp of the feedback",
- "disable-correlation": true,
+ "disable_correlation": true,
 "misp-attribute": "datetime",
 "ui-priority": 0
 },
 "privacy": {
 "description": "User has requested privacy",
- "disable-correlation": true,
+ "disable_correlation": true,
 "misp-attribute": "boolean",
 "ui-priority": 0
 },
@@ -29,7 +29,7 @@
 "External analysis"
 ],
 "description": "Result of the Spambee analysis for the submitted email",
- "disable-correlation": true,
+ "disable_correlation": true,
 "misp-attribute": "text",
 "ui-priority": 0
 },
@@ -38,7 +38,7 @@
 "Internal reference"
 ],
 "description": "Internal reference to the Spambee report",
- "disable-correlation": true,
+ "disable_correlation": true,
 "misp-attribute": "text",
 "ui-priority": 0
 }
@@ -50,5 +50,5 @@
 "report-uid"
 ],
 "uuid": "305d6e6c-bb4d-4b9a-abf5-9f34d1322352",
- "version": 2
+ "version": 3
 }
\ No newline at end of file
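Review bot: `disable_correlation` is the only underscore-separated key in a template whose other keys are hyphenated (`misp-attribute`, `ui-priority`), and the hyphenated spelling corrected in these hunks went unnoticed from PATCH 2/5 through 4/5. During that time correlation on `report-uid` and the boolean flags was presumably still enabled. This suggests unrecognised attribute keys are accepted silently; a schema check that rejects unknown keys would have caught both this and the earlier `misp-atrubute` typo before versions 1 and 2 were committed. The `attributes` object continues outside the first hunk.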