From 0f1777df92e9688c597a31a177b5415d942a7e19 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon
Date: Fri, 3 Nov 2023 19:02:12 +0100
Subject: [PATCH] [threat-actors] Add SparklingGoblin
---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 9977998..d894645 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12264,6 +12264,16 @@
 },
 "uuid": "d1fe4546-616a-409c-8d2c-f7a7e0a183f8",
 "value": "Storm-0062"
+ },
+ {
+ "description": "ESET researchers have discovered a new undocumented modular backdoor, SideWalk, being used by an APT group they’ve named SparklingGoblin; this backdoor was used during one of SparklingGoblin’s recent campaigns that targeted a computer retail company based in the USA. This backdoor shares multiple similarities with another backdoor used by the group: CROSSWALK.",
+ "meta": {
+ "refs": [
+ "https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/"
+ ]
+ },
+ "uuid": "f3fd4397-19e4-47e0-b1bc-f792690e3bd0",
+ "value": "SparklingGoblin"
 }
 ],
 "version": 289
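Review bot: The cluster's `"version": 289` appears only as an unchanged context line at the end of the hunk, so the SparklingGoblin entry is added without a version bump; consumers that decide whether to re-import a cluster by comparing versions may not pick the new actor up until a later bump, so consider `"version": 290` in this commit. The `description` is taken from the announcement of the SideWalk backdoor and relies on time-relative wording ("new undocumented", "recent campaigns") that will age; a sentence describing the actor itself, with SideWalk and CROSSWALK named as its tooling, would be more useful for attribution work. If the galaxy already carries clusters for overlapping groups or for these two backdoors, a `related` entry or `meta.synonyms` would keep reporting from being split across separate actors. The rest of the file is outside the hunk, so that needs checking against the full cluster list.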