From fa4b14c6f51d4a0405f4d5b8d7dabbf382ba591b Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Fri, 22 Nov 2024 10:47:49 +0100
Subject: [PATCH] chg: [threat-actor] Gorilla botnet added

---
 README.md                  |  2 +-
 clusters/threat-actor.json | 12 +++++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 3f0d447..697e0cc 100644
--- a/README.md
+++ b/README.md
@@ -599,7 +599,7 @@ Category: *tea-matrix* - source: ** - total: *7* elements
 
 [Threat Actor](https://www.misp-galaxy.org/threat-actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.
 
-Category: *actor* - source: *MISP Project* - total: *781* elements
+Category: *actor* - source: *MISP Project* - total: *782* elements
 
 [[HTML](https://www.misp-galaxy.org/threat-actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]
 
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index e8039bd..0dc399b 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -17464,7 +17464,17 @@
       },
       "uuid": "314325cd-5972-46a9-af1e-4b1e5585619d",
       "value": "Water Barghest"
+    },
+    {
+      "description": "Gorilla is a threat-actor operating a DoS-as-a-service service controlled on Telegram.",
+      "meta": {
+        "refs": [
+          "https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2024/gorilla_bericht.html"
+        ]
+      },
+      "uuid": "192be820-af1a-4967-b38c-73326fa9ca9f",
+      "value": "Gorilla"
     }
   ],
-  "version": 320
+  "version": 321
 }