From 2a865b8c07b18f3371457e8f929d36ae2e41cca4 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Fri, 1 Nov 2024 10:43:27 -0700
Subject: [PATCH] [threat-actors] Add Water Makara

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index d45caec..f141011 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -17071,6 +17071,16 @@
       },
       "uuid": "e13e36e7-a75b-42fa-8d51-35f9eeafebfc",
       "value": "UNC5820"
+    },
+    {
+      "description": "Water Makara employs the Astaroth banking malware, which features a new defense evasion technique. Their spear phishing campaigns exploit human error by targeting users to click on malicious files. To mitigate these threats, organizations should implement regular security training, enforce strong password policies, utilize multifactor authentication (MFA), keep security solutions updated, and apply the principle of least privilege.",
+      "meta": {
+        "refs": [
+          "https://www.trendmicro.com/en_us/research/24/j/water-makara-uses-obfuscated-javascript-in-spear-phishing-campai.html"
+        ]
+      },
+      "uuid": "54bc063d-fc4e-4076-a282-cdb98480da2a",
+      "value": "Water Makara"
     }
   ],
   "version": 318