From 0133c023d20f8b33a8409ed08c57fc1ef066a67b Mon Sep 17 00:00:00 2001
From: Mathieu Beligon
Date: Fri, 3 Nov 2023 19:02:12 +0100
Subject: [PATCH] [threat-actors] Add YoroTrooper
---
 clusters/threat-actor.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 6b43dc2..31a073b 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12287,6 +12287,18 @@
 },
 "uuid": "6db3ad41-6b47-43c8-b94b-98853749ee02",
 "value": "Kasablanka"
+ },
+ {
+ "description": "YoroTrooper’s main targets are government or energy organizations in Azerbaijan, Tajikistan, Kyrgyzstan and other Commonwealth of Independent States, based on Cisco Talos analysis. YoroTrooper was also observed compromising accounts from at least two international organizations: a critical European Union health care agency and the World Intellectual Property Organization. Successful compromises also included Embassies of European countries including Azerbaijan and Turkmenistan.",
+ "meta": {
+ "country": "KZ",
+ "refs": [
+ "https://blog.talosintelligence.com/attributing-yorotrooper/",
+ "https://blog.talosintelligence.com/yorotrooper-espionage-campaign-cis-turkey-europe/"
+ ]
+ },
+ "uuid": "2031ae01-e962-4861-a224-0934af6cdd3a",
+ "value": "YoroTrooper"
 }
 ],
 "version": 289
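Review bot: `"country": "KZ"` in the new YoroTrooper entry is recorded as a plain fact, while the description covers only targeting and never says who made the attribution or how firmly. Both refs are Cisco Talos posts, so this looks like a single-vendor assessment. I would record that next to the country with `"attribution-confidence": "<value reflecting the Talos assessment>",` (placeholder, to be set by the author) and add a sentence to the description saying the Kazakhstan attribution is Talos's. Separately, `"version": 289` is an unchanged context line at the end of the hunk, so consumers that compare the cluster version before re-importing may not pick up the new entry unless it is bumped here or in a follow-up commit.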