From f60831257723362f0057957c8aaff88108befc04 Mon Sep 17 00:00:00 2001
From: Rony <rony_123@protonmail.ch>
Date: Wed, 17 Aug 2022 08:52:35 +0000
Subject: [PATCH] addresses
 https://github.com/MISP/misp-galaxy/pull/751#issuecomment-1217680586

---
 clusters/tool.json | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/clusters/tool.json b/clusters/tool.json
index 6360346..9cf6278 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -8484,7 +8484,33 @@
       },
       "uuid": "f43a3828-a3b6-11ec-80e1-55a8e5815c2c",
       "value": "BadPotato"
+    },
+    {
+      "description": "A simple RAT used by Vicious Panda",
+      "meta": {
+        "refs": [
+          "https://securelist.com/microcin-is-here/97353",
+          "https://securelist.com/a-simple-example-of-a-complex-cyberattack/82636",
+          "https://decoded.avast.io/luigicamastra/apt-group-planted-backdoors-targeting-high-profile-networks-in-central-asia",
+          "https://www.welivesecurity.com/2020/05/14/mikroceen-spying-backdoor-high-profile-networks-central-asia",
+          "https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign"
+        ],
+        "synonyms": [
+          "Mikroceen"
+        ],
+        "type": [
+          "RAT"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "68d8c25b-8595-4c20-a5c7-a11a2a34b717",
+          "type": "used-by"
+        }
+      ],
+      "uuid": "7d17dabf-a68e-4eda-a18f-26868ced8e73",
+      "value": "Microcin"
     }
   ],
-  "version": 150
+  "version": 151
 }