From 3a193291b9e03c359f96811f77883aa0cdf85d3d Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Thu, 1 Feb 2024 11:02:04 -0800
Subject: [PATCH] [threat-actors] Add Storm-1101

---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 6dfbcc5..578df6a 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14586,6 +14586,19 @@
       },
       "uuid": "375988ab-91b9-419e-8646-a4783b931288",
       "value": "Storm-1286"
+    },
+    {
+      "description": "DEV-1101 is a threat actor tracked by Microsoft who is responsible for developing and advertising phishing kits, specifically AiTM phishing kits. These kits are capable of bypassing multifactor authentication and are available for purchase or rent by other cybercriminals. DEV-1101 offers an open-source kit with various enhancements, such as mobile device management and CAPTCHA evasion. Their tool has been used in high-volume phishing campaigns by multiple actors, including DEV-0928, and is sold for $300 with VIP licenses available for $1,000.",
+      "meta": {
+        "refs": [
+          "http://www.microsoft.com/en-us/security/blog/2023/03/13/dev-1101-enables-high-volume-aitm-campaigns-with-open-source-phishing-kit/"
+        ],
+        "synonyms": [
+          "DEV-1101"
+        ]
+      },
+      "uuid": "8081af2c-442f-4487-9cf7-022cbe010b8f",
+      "value": "Storm-1101"
     }
   ],
   "version": 298