From 6759fedbe4a23f53036f290eaf6b351540fc2357 Mon Sep 17 00:00:00 2001
From: Christophe Vandeplas
Date: Thu, 10 Nov 2016 11:23:57 +0100
Subject: [PATCH] Updated misp-galaxy taxonomy
---
 misp-galaxy/machinetag.json | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/misp-galaxy/machinetag.json b/misp-galaxy/machinetag.json
index 44940c3..64b51b0 100644
--- a/misp-galaxy/machinetag.json
+++ b/misp-galaxy/machinetag.json
@@ -675,6 +675,16 @@
 "description": "Vawtrak is an information stealing malware family that is primarily used to gain unauthorised access to bank accounts through online banking websites.",
 "expanded": "Vawtrak",
 "value": "Vawtrak"
+ },
+ {
+ "description": "Empire is a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework",
+ "expanded": "Empire",
+ "value": "Empire"
+ },
+ {
+ "description": "Beginning in late 2012, a carefully orchestrated attack campaign we call Volatile Cedar has been targeting individuals, companies and institutions worldwide. This campaign, led by a persistent attacker group, has successfully penetrated a large number of targets using various attack techniques, and specifically, a custom-made malware implant codenamed Explosive. ",
+ "expanded": "Explosive",
+ "value": "Explosive"
 }
 ],
 "predicate": "tool"
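Review bot: The `Explosive` tool entry carries the Volatile Cedar campaign paragraph as its description, so the tag never states what the tool is, and the same paragraph is pasted again on the `Volatile Cedar` threat-actor entry in the `@@ -1109,10 +1124,19 @@` hunk. The two copies have already drifted (a trailing space before the closing quote here, `Explosive .` there), and the first-person "we call" is vendor wording with no source named. Describe the implant itself and leave the campaign text on the actor entry, for example `"description": "Explosive is the custom-made malware implant used in the Volatile Cedar campaign.",`. The `Empire` description also ends without a full stop. The enclosing array starts outside the hunk.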
@@ -907,6 +917,11 @@
 "expanded": "Magic Kitten",
 "value": "Magic Kitten"
 },
+ {
+ "description": "Targets Saudi Arabia, Israel, US, Iran, high ranking defense officials, embassies of various target countries, notable Iran researchers, human rights activists, media and journalists, academic institutions and various scholars, including scientists in the fields of physics and nuclear sciences.",
+ "expanded": "Rocket Kitten",
+ "value": "Rocket Kitten"
+ },
 {
 "expanded": "Cleaver",
 "value": "Cleaver"
@@ -1109,10 +1124,19 @@
 {
 "expanded": "TeamXRat",
 "value": "TeamXRat"
+ },
+ {
+ "expanded": "OilRig",
+ "value": "OilRig"
+ },
+ {
+ "description": "Beginning in late 2012, a carefully orchestrated attack campaign we call Volatile Cedar has been targeting individuals, companies and institutions worldwide. This campaign, led by a persistent attacker group, has successfully penetrated a large number of targets using various attack techniques, and specifically, a custom-made malware implant codenamed Explosive .",
+ "expanded": "Volatile Cedar",
+ "value": "Volatile Cedar"
 }
 ],
 "predicate": "threat-actor"
 }
 ],
- "version": 2
-}
+ "version": 3
+}
\ No newline at end of file
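Review bot: In the `@@ -907,6 +917,11 @@` hunk the `Rocket Kitten` description is a subject-less fragment ("Targets Saudi Arabia, …") that lists only who is targeted, so it reads ambiguously wherever a consumer shows the description without the tag beside it. Start it with the actor's name, `"description": "Rocket Kitten targets Saudi Arabia, Israel, US, Iran, …"`, keeping the rest of the list as written. The neighbouring `Magic Kitten` and `Cleaver` entries have no description at all, so the list is uneven here. The enclosing array starts and ends outside the hunk.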
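Review bot: In the `@@ -1109,10 +1124,19 @@` hunk the new closing `}` is followed by `\ No newline at end of file`, so this commit removes the file's terminating newline in the same change that bumps `"version"` to 3. Restore the final newline after `}`; without it the next edit at the end of the file shows a spurious change on this line, and line-oriented tools may mishandle the last line. `OilRig` is added with no description, which matches `TeamXRat` above it but gives an analyst no context for the tag.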