Merge branch 'master' of https://github.com/MISP/misp-galaxy

clusters/threat-actor.json

@@ -5365,7 +5365,20 @@
       },
       "uuid": "71a3b962-9a36-11e8-88f8-b31d20c6fa2a",
       "value": "RedAlpha"
+    },
+    {
+      "value": "APT-C-35",
+      "uuid": "b9dc4e81-909f-4324-8b25-a0f359cd88e0",
+      "description": "In March 2017, the 360 Chasing Team found a sample of targeted attacks that confirmed the previously unknown sample of APT's attack actions, which the organization can now trace back at least in April 2016. The chasing team named the attack organization APT-C-35. In June 2017, the 360 Threat Intelligence Center discovered the organization’s new attack activity, confirmed and exposed the gang’s targeted attacks against Pakistan, and analyzed in detail. The unique EHDevel malicious code framework used by the organization",
+      "meta": {
+        "refs": [
+          "https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/"
+        ],
+        "synonyms": [
+          "DoNot Team"
+        ]
+      }
     }
   ],
-  "version": 52
+  "version": 53
 }

clusters/tool.json

@@ -5706,7 +5706,17 @@
       },
       "uuid": "f7f53bb8-37ed-4bbe-9809-ca1594431536",
       "value": "KEYMARBLE"
+    },
+    {
+      "value": "BISKVIT",
+      "description": "The BISKVIT Trojan is a multi-component malware written in C#. We dubbed this malware BISKVIT based on the namespaces used in the code, which contain the word “biscuit”.  Unfortunately, there is already an existing unrelated malware called BISCUIT, so BISKVIT is used instead, which is the Russian translation of biscuit.",
+      "meta": {
+        "refs": [
+          "https://www.fortinet.com/blog/threat-research/russian-army-exhibition-decoy-leads-to-new-biskvit-malware.html"
+        ]
+      },
+      "uuid": "69ed8a69-8b33-4195-9b21-a1f4cd76acde"
     }
   ],
-  "version": 84
+  "version": 85
 }