From 0daeb675f5a06cca1d904be9f31736e9f7a43478 Mon Sep 17 00:00:00 2001
From: Thomas Dupuy <thom4s.d@gmail.com>
Date: Tue, 18 Feb 2020 13:28:32 -0500
Subject: [PATCH 1/2] Add InvisiMole cluster

---
 clusters/threat-actor.json | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 00da6c43..836c8129 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -7948,7 +7948,24 @@
       },
       "uuid": "53771ca5-f1cb-47b6-a92a-53a485307cf7",
       "value": "APT-C-12"
+    },
+    {
+      "description": "Adversary group targeting diplomatic missions, governmental and military organisations, mainly in Ukraine.",
+      "meta": {
+        "cfr-suspected-victims": [
+          "Ukraine"
+        ],
+        "cfr-target-category": [
+          "Government"
+        ],
+        "cfr-type-of-incident": "Espionage",
+        "refs": [
+            "https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/"
+        ]
+      },
+      "uuid": "87af83a4-ced4-4e7c-96a6-86612dc095b1",
+      "value": "InvisiMole"
     }
   ],
-  "version": 154
+  "version": 155
 }

From b4b91b1e5d7d09b0cf93557e570cf3c80032ed79 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Fri, 28 Feb 2020 16:37:24 +0100
Subject: [PATCH 2/2] chg: [threat-actor] JSON fixed

---
 clusters/threat-actor.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 836c8129..439c2b6c 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -7960,7 +7960,7 @@
         ],
         "cfr-type-of-incident": "Espionage",
         "refs": [
-            "https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/"
+          "https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/"
         ]
       },
       "uuid": "87af83a4-ced4-4e7c-96a6-86612dc095b1",