Use of upstream field

[conorfitch]

I was recently thinking it would be useful to have data on which MAL records are part of the same supply chain attack, e.g. "s1ngularity" or "Shai-Hulud 3".

The upstream field is used by some databases for providing an asymmetric relationship between a CVE and an advisory for that vulnerability existing in a certain distribution. I was wondering if the same pattern could be used for MAL records being linked to an "upstream" MAL record to describe the details of a supply chain attack. i.e. in the upstream MAL record you can have all the references and general description of the attack (but it wouldn't contain any affected data).

Would this be a valid case for using the upstream field in this repo?