Merge https://github.com/MISP/misp-galaxy into main

clusters/ransomware.json

@@ -24211,7 +24211,20 @@
       },
       "uuid": "fe7e4df0-97b9-4dd2-b3f8-79404fc8272d",
       "value": "Ragnarok"
+    },
+    {
+      "description": "Destructive malware deployed against targets in Ukraine in January 2022.",
+      "meta": {
+        "date": "January 2022",
+        "refs": [
+          "https://malpedia.caad.fkie.fraunhofer.de/details/win.whispergate",
+          "https://www.cadosecurity.com/resources-for-dfir-professionals-responding-to-whispergate-malware/",
+          "https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/"
+        ]
+      },
+      "uuid": "feb5fa26-bad4-46da-921d-986d2fd81a40",
+      "value": "WhisperGate"
     }
   ],
-  "version": 98
+  "version": 99
 }

clusters/surveillance-vendor.json

@@ -180,7 +180,24 @@
       },
       "uuid": "f49bf1b6-e257-4ffc-b5ac-f0e26ef36965",
       "value": "SpyBubble"
+    },
+    {
+      "description": "Cytrox’s Israeli companies were founded in 2017 as Cytrox EMEA Ltd. and Cytrox Software Ltd. Perhaps taking a page from Candiru’s corporate obfuscation playbook, both of those companies were renamed in 2019 to Balinese Ltd. and Peterbald Ltd., respectively. We also observed one entity in Hungary, Cytrox Holdings Zrt, which was also formed in 2017.",
+      "meta": {
+        "refs": [
+          "https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/"
+        ],
+        "synonyms": [
+          "Cytrox EMEA Ltd.",
+          "Cytrox Software Ltd.",
+          "Balinese Ltd.",
+          "Peterbald Ltd.",
+          "Cytrox Holdings Zrt"
+        ]
+      },
+      "uuid": "4dbfa61e-0cf5-4142-babf-3cdce348568d",
+      "value": "Cytrox"
     }
   ],
-  "version": 1
+  "version": 2
 }