MISP · adulau · Jun 18, 2018 · Jun 18, 2018 · Jun 18, 2018
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
@@ -9838,12 +9838,40 @@
         ]
       },
       "uuid": "fe42c270-7077-11e8-af82-d7bf7e6ab8a9"
+    },
+    {
+      "value": "Donut",
+      "description": "S!Ri found a new ransomware called Donut that appends the .donut extension and uses the email donutmmm@tutanota.com.",
+      "meta": {
+        "refs": [
+          "https://twitter.com/siri_urz/status/1005438610806583296",
+          "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-15th-2018-dbger-scarab-and-more/"
+        ],
+        "extensions": [
+          ".donut"
+        ],
+        "ransomnotes": [
+          "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/june/15/DfQI_lnXUAAukGK[1].jpg"
+        ]
+      },
+      "uuid": "e57e1f4a-72da-11e8-8c0d-af46e8f393d2"
+    },
+    {
+      "value": "NemeS1S Ransomware",
+      "description": "Ransomware as a Service",
+      "meta": {
+        "refs": [
+          "https://twitter.com/Damian1338B/status/1005411102660923392",
+          "https://www.bleepingcomputer.com/news/security/nemes1s-raas-is-padcrypt-ransomwares-affiliate-system/"
+        ]
+      },
+      "uuid": "3ac0f41e-72e0-11e8-85a8-f7ae254ab629"
     }
   ],
   "source": "Various",
   "uuid": "10cf658b-5d32-4c4b-bb32-61760a640372",
   "name": "Ransomware",
-  "version": 24,
+  "version": 25,
   "type": "ransomware",
   "description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar"
 }
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
@@ -2678,6 +2678,29 @@
         ]
       },
       "uuid": "4defbf2e-4f73-11e8-807f-578d61da7568"
+    },
+    {
+      "value": "LuckyMouse",
+      "description": "Experts assigned the codename of LuckyMouse to the group behind this hack, but they later realized the attackers were an older Chinese threat actor known under various names in the reports of other cyber-security firms, such as Emissary Panda, APT27, Threat Group 3390, Bronze Union, ZipToken, and Iron Tiger",
+      "meta": {
+        "refs": [
+          "https://www.bleepingcomputer.com/news/security/chinese-cyber-espionage-group-hacked-government-data-center/",
+          "https://www.secureworks.com/research/bronze-union",
+          "http://newsroom.trendmicro.com/blog/operation-iron-tiger-attackers-shift-east-asia-united-states",
+          "https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage",
+          "https://www.threatconnect.com/blog/threatconnect-discovers-chinese-apt-activity-in-europe/",
+          "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant/"
+        ],
+        "synonyms": [
+          "Emissary Panda",
+          "APT27",
+          "Threat Group 3390",
+          "Bronze Union",
+          "ZipToken",
+          "Iron Tiger"
+        ]
+      },
+      "uuid": "4af45fea-72d3-11e8-846c-d37699506c8d"
     }
   ],
   "name": "Threat actor",
@@ -2692,5 +2715,5 @@
   ],
   "descriptio
CE8D
n": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
   "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
-  "version": 41
+  "version": 42
 }
diff --git a/clusters/tool.json b/clusters/tool.json
@@ -2,7 +2,7 @@
   "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
   "name": "Tool",
   "source": "MISP Project",
-  "version": 75,
+  "version": 76,
   "values": [
     {
       "meta": {
@@ -4323,6 +4323,16 @@
           "https://blog.360totalsecurity.com/en/new-cryptominer-hijacks-your-bitcoin-transaction-over-300000-computers-have-been-attacked/"
         ]
       }
+    },
+    {
+      "value": "TYPEFRAME",
+      "description": "Trojan malware",
+      "meta": {
+        "refs": [
+          "https://www.us-cert.gov/ncas/analysis-reports/AR18-165A"
+        ]
+      },
+      "uuid": "8981aaca-72dc-11e8-8649-838c1b2613c5"
     }
   ],
   "authors": [