Merge https://github.com/MISP/misp-galaxy

.github/workflows/nosetests.yml

@@ -0,0 +1,52 @@
+name: Python application
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [3.6, 3.7, 3.8, 3.9]
+
+    steps:
+
+    - uses: actions/checkout@v2
+
+    - name: Set up Python ${{matrix.python-version}}
+      uses: actions/setup-python@v2
+      with:
+        python-version: ${{matrix.python-version}}
+
+    - name: Initialize submodules
+      run: git submodule update --init --recursive
+
+    - name: Install system dependencies
+      run: sudo apt install jq moreutils
+
+    - name: Validate files
+      run: ./validate_all.sh
+
+    - name: Install Python dependencies
+      run: python -m pip install poetry
+
+    - name: Install testing via python module
+      run: |
+        git clone https://github.com/MISP/PyMISPGalaxies.git
+        pushd PyMISPGalaxies
+        git submodule update --init
+        git submodule foreach git pull origin main
+        poetry install
+        popd
+
+    - name: Test with Python module
+      run: |
+        pushd PyMISPGalaxies
+        poetry run nosetests-3.4 --with-coverage --cover-package=pymispgalaxies -d
+        popd

README.md

@@ -1,6 +1,6 @@
 # misp-galaxy
 
-[![Build Status](https://travis-ci.org/MISP/misp-galaxy.svg?branch=master)](https://travis-ci.org/MISP/misp-galaxy)
+![Python application](https://github.com/MISP/misp-galaxy/workflows/Python%20application/badge.svg)
 
 MISP galaxy is a simple method to express a large object called cluster that can be attached to MISP events or
 attributes. A cluster can be composed of one or more elements. Elements are expressed as key-values. There

clusters/threat-actor.json

@@ -2564,7 +2564,8 @@
           "https://www.zdnet.com/article/this-hacking-gang-just-updated-the-malware-it-uses-against-uk-targets/",
           "https://attack.mitre.org/groups/G0010/",
           "https://www.telsy.com/turla-venomous-bear-updates-its-arsenal-newpass-appears-on-the-apt-threat-scene/",
-          "https://www.secureworks.com/research/threat-profiles/iron-hunter"
+          "https://www.secureworks.com/research/threat-profiles/iron-hunter",
+          "https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/"
         ],
         "synonyms": [
           "Turla",
@@ -4481,7 +4482,8 @@
           "https://www.cfr.org/interactive/cyber-operations/ocean-lotus",
           "https://www.accenture.com/us-en/blogs/blogs-pond-loach-delivers-badcake-malware",
           "https://www.secureworks.com/research/threat-profiles/tin-woodlawn",
-          "https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/"
+          "https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/",
+          "https://www.trendmicro.com/en_us/research/20/k/new-macos-backdoor-connected-to-oceanlotus-surfaces.html"
         ],
         "synonyms": [
           "OceanLotus Group",
@@ -6231,7 +6233,8 @@
           "https://labs.bitdefender.com/2018/02/operation-pzchao-a-possible-return-of-the-iron-tiger-apt/",
           "https://securelist.com/luckymouse-hits-national-data-center/86083/",
           "https://attack.mitre.org/groups/G0027/",
-          "https://www.secureworks.com/research/threat-profiles/bronze-union"
+          "https://www.secureworks.com/research/threat-profiles/bronze-union",
+          "https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/incident-response-polar-ransomware-apt27/"
         ],
         "synonyms": [
           "Emissary Panda",
@@ -8498,5 +8501,5 @@
       "value": "Operation Skeleton Key"
     }
   ],
-  "version": 190
+  "version": 193
 }