From 164222d3c6adfeb150dd9e79d857b0d533cdd416 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Mon, 9 Sep 2024 08:18:22 -0700
Subject: [PATCH] [threat-actors] Add TIDRONE
---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index c7aa533..22f0111 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16526,6 +16526,17 @@
 },
 "uuid": "e6b27374-5055-4c2c-950b-06b4fc75a210",
 "value": "UNC4540"
+ },
+ {
+ "description": "TIDRONE is an unidentified threat actor linked to Chinese-speaking groups, with a focus on military-related industry chains, particularly drone manufacturers in Taiwan. The actor employs advanced malware variants such as CXCLNT and CLNTEND, which are distributed through ERP software or remote desktops. The consistency in file compilation times and operational patterns aligns with other Chinese espionage activities, indicating a likely espionage motive.",
+ "meta": {
+ "country": "CN",
+ "refs": [
+ "https://www.trendmicro.com/en_us/research/24/i/tidrone-targets-military-and-satellite-industries-in-taiwan.html"
+ ]
+ },
+ "uuid": "020d512f-0636-482b-8033-2bd404e0321f",
+ "value": "TIDRONE"
 }
 ],
 "version": 313
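Review bot: The cluster-level `"version": 313` at the end of the hunk stays unchanged although a new entry is added. If consumers decide whether to re-import the cluster by comparing this number (which is how I understand MISP handles galaxy updates), the TIDRONE entry may not reach them until a later bump. Consider `"version": 314` here unless the bump happens elsewhere in the series. Separately, the entry sets `"country": "CN"` while its own description calls the actor "unidentified" and only "linked to Chinese-speaking groups". Adding an `attribution-confidence` value under `meta` would show analysts that the attribution is tentative.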