From 9337227db7d2d6866bd1155c8a8f7e89aef9dc92 Mon Sep 17 00:00:00 2001
From: Daniel Plohmann <daniel.plohmann@mailbox.org>
Date: Mon, 21 Oct 2024 08:48:56 +0200
Subject: [PATCH] added Unit42 name for Kimsuky (Sparkling Pisces)

---
 clusters/threat-actor.json | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 40c3e41..c11735d 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -5681,7 +5681,8 @@
           "https://www.sentinelone.com/labs/a-glimpse-into-future-scarcruft-campaigns-attackers-gather-strategic-intelligence-and-target-cybersecurity-professionals/",
           "https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html",
           "https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-may-16b",
-          "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/springtail-kimsuky-backdoor-espionage"
+          "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/springtail-kimsuky-backdoor-espionage",
+          "https://unit42.paloaltonetworks.com/kimsuky-new-keylogger-backdoor-variant/"
         ],
         "synonyms": [
           "Velvet Chollima",
@@ -5692,7 +5693,8 @@
           "APT43",
           "Emerald Sleet",
           "THALLIUM",
-          "Springtail"
+          "Springtail",
+          "Sparkling Pisces"
         ],
         "targeted-sector": [
           "Research - Innovation",
@@ -16985,5 +16987,5 @@
       "value": "TaskMasters"
     }
   ],
-  "version": 316
+  "version": 317
 }