From cee83f677e415b8fbbcee138cfab6d65b7c26a66 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Mon, 18 Jun 2018 14:30:51 +0200
Subject: [PATCH] more clusters
---
 clusters/ransomware.json | 30 +++++++++++++++++++++++++++++-
 clusters/tool.json | 12 +++++++++++-
 2 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index f1c9a4f..61b8fc0 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -9838,12 +9838,40 @@
 ]
 },
 "uuid": "fe42c270-7077-11e8-af82-d7bf7e6ab8a9"
+ },
+ {
+ "value": "Donut",
+ "description": "S!Ri found a new ransomware called Donut that appends the .donut extension and uses the email donutmmm@tutanota.com.",
+ "meta": {
+ "refs": [
+ "https://twitter.com/siri_urz/status/1005438610806583296",
+ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-15th-2018-dbger-scarab-and-more/"
+ ],
+ "extensions": [
+ ".donut"
+ ],
+ "ransomnotes": [
+ "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/june/15/DfQI_lnXUAAukGK[1].jpg"
+ ]
+ },
+ "uuid": "e57e1f4a-72da-11e8-8c0d-af46e8f393d2"
+ },
+ {
+ "value": "NemeS1S Ransomware",
+ "description": "Ransomware as a Service",
+ "meta": {
+ "refs": [
+ "https://twitter.com/Damian1338B/status/1005411102660923392",
+ "https://www.bleepingcomputer.com/news/security/nemes1s-raas-is-padcrypt-ransomwares-affiliate-system/"
+ ]
+ },
+ "uuid": "3ac0f41e-72e0-11e8-85a8-f7ae254ab629"
 }
 ],
 "source": "Various",
 "uuid": "10cf658b-5d32-4c4b-bb32-61760a640372",
 "name": "Ransomware",
- "version": 24,
+ "version": 25,
 "type": "ransomware",
 "description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar"
 }
diff --git a/clusters/tool.json b/clusters/tool.json
index 20bc955..8304487 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
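Review bot: In clusters/ransomware.json the new Donut entry puts a screenshot URL into `ransomnotes`, and that URL contains unescaped square brackets (`DfQI_lnXUAAukGK[1].jpg`), which a strict URI parser may reject in a path; write the file name as `DfQI_lnXUAAukGK%5B1%5D.jpg`. A third-party image link also gives consumers no note text to match against and will rot, so the note's wording would serve detection better in that field, with the image kept as a reference. The contact address appears only inside the free-text `description`; if the cluster format has a structured place for such indicators (not visible in this hunk), record it there too. The NemeS1S entry's `"description": "Ransomware as a Service"` leaves out the PadCrypt relationship that its second reference's title states, for example `"description": "Ransomware as a Service; affiliate system of PadCrypt ransomware"`.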
@@ -2,7 +2,7 @@
 "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
 "name": "Tool",
 "source": "MISP Project",
- "version": 75,
+ "version": 76,
 "values": [
 {
 "meta": {
@@ -4323,6 +4323,16 @@
 "https://blog.360totalsecurity.com/en/new-cryptominer-hijacks-your-bitcoin-transaction-over-300000-computers-have-been-attacked/"
 ]
 }
+ },
+ {
+ "value": "TYPEFRAME",
+ "description": "Trojan malware",
+ "meta": {
+ "refs": [
+ "https://www.us-cert.gov/ncas/analysis-reports/AR18-165A"
+ ]
+ },
+ "uuid": "8981aaca-72dc-11e8-8649-838c1b2613c5"
 }
 ],
 "authors": [
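Review bot: The TYPEFRAME entry appended to `values` in clusters/tool.json (second hunk, at -4323) is described only as `Trojan malware`, which does not let an analyst tell it apart from any other trojan in the cluster. At minimum tie the text to its source, e.g. `"description": "Trojan analysed in US-CERT analysis report AR18-165A"`, and preferably summarise the capabilities that report lists. If sibling entries carry `synonyms` or `type` under `meta` (this hunk does not show them), the new entry should follow the same shape. The `values` array starts and continues outside the hunk, so whether this family is already listed under another name could not be checked from here.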