added WildNeutron (Morph, Butterfly, Sphinx Moth)

clusters/threat-actor.json

@@ -1549,6 +1549,23 @@
           "https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/silverterrier-next-evolution-in-nigerian-cybercrime.pdf"
         ]
       }
+    },
+    {
+      "value": "WildNeutron",
+      "description": "A corporate espionage group has compromised a string of major corporations over the past three years in order to steal confidential information and intellectual property. The gang, which Symantec calls Butterfly, is not-state sponsored, rather financially motivated. It has attacked multi-billion dollar companies operating in the internet, IT software, pharmaceutical, and commodities sectors. Twitter, Facebook, Apple, and Microsoft are among the companies who have publicly acknowledged attacks.",
+      "meta": {
+        "country": "",
+        "refs": [
+          "https://www.symantec.com/connect/blogs/butterfly-profiting-high-level-corporate-attacks",
+          "https://securelist.com/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/",
+          "https://research.kudelskisecurity.com/2015/11/05/sphinx-moth-expanding-our-knowledge-of-the-wild-neutron-morpho-apt/"
+        ],
+        "synonyms": [
+          "Butterfly",
+          "Morpho",
+          "Sphinx Moth"
+        ]
+      }
     }
   ],
   "name": "Threat actor",
@@ -1563,5 +1580,5 @@
   ],
   "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
   "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
-  "version": 21
+  "version": 22
 }