From 10d27206a75236736273f5dad0113c17546c516f Mon Sep 17 00:00:00 2001
From: Mathieu Beligon
Date: Tue, 7 Nov 2023 14:47:11 +0100
Subject: [PATCH] [threat-actors] Add SharpPanda
---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 6498302..d0ebb86 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12511,6 +12511,19 @@
 },
 "uuid": "aa74d1f3-b294-405b-bb18-3ac1c13560a1",
 "value": "BadRory"
+ },
+ {
+ "description": "SharpPanda, an APT group originating from China, has seen a rise in its cyber-attack operations starting from at least 2018. The APT group utilizes spear-phishing techniques to obtain initial access, employing a combination of outdated Microsoft Office document vulnerabilities, novel evasion techniques, and highly potent backdoor malware.",
+ "meta": {
+ "country": "CN",
+ "refs": [
+ "https://blog.cyble.com/2023/06/01/sharppanda-apt-campaign-expands-its-arsenal-targeting-g20-nations/",
+ "https://www.rewterz.com/rewterz-news/rewterz-threat-alert-sharppanda-chinese-apt-group-targets-southeast-asian-government-active-iocs",
+ "https://research.checkpoint.com/2021/chinese-apt-group-targets-southeast-asian-government-with-previously-unknown-backdoor/"
+ ]
+ },
+ "uuid": "7133a722-088c-4d5a-b2e0-a1f9915f807d",
+ "value": "SharpPanda"
 }
 ],
 "version": 292
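Review bot: The `"version": 292` context line at the end of the hunk is left unchanged although a new cluster entry is added. If consumers of this file use that number to detect updates (presumably so; confirm against the project's contribution notes), the SharpPanda entry may not be picked up, so bump it in the same commit, e.g. `"version": 293`. The new entry also states attribution as fact (`"country": "CN"`, "originating from China") on the strength of three vendor reports; recording an `attribution-confidence` value in `meta` would let analysts weigh it before acting on it. The enclosing array and top-level object begin outside the hunk.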