From 254dd47a61749adfc98d7511f2febe2ce11a6565 Mon Sep 17 00:00:00 2001
From: Daniel Plohmann <daniel.plohmann@mailbox.org>
Date: Fri, 18 Feb 2022 08:24:35 +0100
Subject: [PATCH] adding ACTINIUM as MSFT name for Gamaredon

---
 clusters/threat-actor.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index d989a09..1f7f64b 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -4198,11 +4198,13 @@
           "https://github.com/StrangerealIntel/CyberThreatIntel/tree/master/Russia/APT/Gamaredon",
           "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf",
           "https://www.welivesecurity.com/2020/06/18/digging-up-invisimole-hidden-arsenal/",
-          "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine"
+          "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine",
+          "https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/"
         ],
         "synonyms": [
           "Primitive Bear",
-          "Shuckworm"
+          "Shuckworm",
+          "ACTINIUM"
         ]
       },
       "related": [