From 84eac4b102e08f1f6e138b6b7632d4bc24836c58 Mon Sep 17 00:00:00 2001
From: Adam McHugh <adam@mchughsecurity.com>
Date: Sun, 17 Apr 2022 19:50:08 +0930
Subject: [PATCH 1/2] Added Cosmic Lynx Threat Actor from Agari Whitepaper
 advisory

---
 clusters/threat-actor.json | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index c5a7b6d..e089e9b 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -9124,6 +9124,15 @@
       },
       "uuid": "0d72c57c-73e3-4739-8144-c8055cabd7dc",
       "value": "BladeHawk"
+    },
+    {
+      "description": "Cosmic Lynx is a Russia-based BEC cybercriminal organization that has significantly impacted the email threat landscape with sophisticated, high-dollar phishing attacks.",
+      "meta": {
+        "cfr-type-of-incident": "Business Email Compromise",
+        "refs": "https://www.agari.com/cyber-intelligence-research/whitepapers/acid-agari-cosmic-lynx.pdf"
+      },
+      "uuid": "",
+      "value": "Cosmic Lynx"
     }
   ],
   "version": 217

From 53a0fc56d3a1eb14effe2e07ec2a3a16f273bc92 Mon Sep 17 00:00:00 2001
From: Adam McHugh <adam@mchughsecurity.com>
Date: Mon, 18 Apr 2022 10:16:26 +0930
Subject: [PATCH 2/2] Added Cosmic Lynx Threat Actor from Agari Whitepaper
 advisory

---
 clusters/threat-actor.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index e089e9b..2df3c85 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -9131,7 +9131,7 @@
         "cfr-type-of-incident": "Business Email Compromise",
         "refs": "https://www.agari.com/cyber-intelligence-research/whitepapers/acid-agari-cosmic-lynx.pdf"
       },
-      "uuid": "",
+      "uuid": "54ae5c75-8aab-41a8-971a-03d53db9b35c",
       "value": "Cosmic Lynx"
     }
   ],