Merge branch 'master' of https://github.com/MISP/misp-galaxy

clusters/election-guidelines.json

@@ -161,7 +161,7 @@
         ]
       },
       "uuid": "54976d3e-7e6f-4863-9338-bc9e5041b9f2",
-      "value": "Hacking candidate laptops or email accounts"
+      "value": "Hacking/misconfiguration of government servers, communication networks, or endpoints"
     },
     {
       "description": "Hacking government websites, spreading misinformation on the election process, registered parties/candidates, or results",
@@ -332,5 +332,5 @@
       "value": "Defacement, DoS or overload of websites or other systems used for publication of the results"
     }
   ],
-  "version": 1
+  "version": 2
 }

clusters/threat-actor.json

@@ -5087,10 +5087,14 @@
         "refs": [
           "https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets",
           "https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html",
-          "https://www.cfr.org/interactive/cyber-operations/leviathan"
+          "https://www.cfr.org/interactive/cyber-operations/leviathan",
+          "https://www.fireeye.com/blog/threat-research/2019/03/apt40-examining-a-china-nexus-espionage-actor.html"
         ],
         "synonyms": [
-          "TEMP.Periscope"
+          "TEMP.Periscope",
+          "TEMP.Jumper",
+          "APT 40",
+          "APT40"
         ]
       },
       "related": [
@@ -6414,6 +6418,32 @@
       },
       "uuid": "9ba291f2-b107-402d-9083-3128395ff26e",
       "value": "Operation Kabar Cobra"
+    },
+    {
+      "description": "Since April 2018, an APT group (Blind Eagle, APT-C-36) suspected coming from South America carried out continuous targeted attacks against Colombian government institutions as well as important corporations in financial sector, petroleum industry, professional manufacturing, etc.",
+      "meta": {
+        "refs": [
+          "https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/"
+        ],
+        "synonyms": [
+          "Blind Eagle"
+        ]
+      },
+      "uuid": "ae1c64ff-5a37-4291-97f8-ea402c63efd0",
+      "value": "APT-C-36"
+    },
+    {
+      "description": "Resecurity’s research indicates that the attack on Parliament is a part of a multi-year cyberespionage campaign orchestrated by a nation-state actor whom we are calling IRIDIUM. This actor targets sensitive government, diplomatic, and military resources in the countries comprising the Five Eyes intelligence alliance (which includes Australia, Canada, New Zealand, the United Kingdom and the United States)",
+      "meta": {
+        "attribution-confidence": "10",
+        "country": "IR",
+        "refs": [
+          "https://resecurity.com/blog/parliament_races/",
+          "https://www.nbcnews.com/politics/national-security/iranian-backed-hackers-stole-data-major-u-s-government-contractor-n980986"
+        ]
+      },
+      "uuid": "29cfe970-5446-4cfc-a2da-00e9f49e02ba",
+      "value": "IRIDIUM"
     }
   ],
   "version": 96

clusters/tool.json

@@ -7562,7 +7562,17 @@
       },
       "uuid": "f0fc5ab9-4973-42b3-a2f6-25ff551b5566",
       "value": "StealthWorker"
+    },
+    {
+      "description": "The SLUB backdoor is a custom one written in the C++ programming language, statically linking curl library to perform multiple HTTP requests. Other statically-linked libraries are boost (for extracting commands from gist snippets) and JsonCpp (for parsing slack channel communication).",
+      "meta": {
+        "refs": [
+          "https://blog.trendmicro.com/trendlabs-security-intelligence/new-slub-backdoor-uses-github-communicates-via-slack/"
+        ]
+      },
+      "uuid": "bb6492fa-36b5-4f4a-a787-e718e7f9997f",
+      "value": "SLUB Backdoor"
     }
   ],
-  "version": 111
+  "version": 112
 }