From 447c06447769e684515216852479fa164c4367a5 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Thu, 1 Feb 2024 11:02:01 -0800
Subject: [PATCH] [threat-actors] Add Phlox Tempest
---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 8be7577..94640f8 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14420,6 +14420,19 @@
 },
 "uuid": "37f012df-54d8-4b3d-a288-af47240430ea",
 "value": "Raspberry Typhoon"
+ },
+ {
+ "description": "Phlox Tempest is a threat actor responsible for a large-scale click fraud campaign targeting users through YouTube comments and malicious ads. They use ChromeLoader to infect victims' computers with malware, often delivered as ISO image files that victims are tricked into downloading. The attackers aim to profit from clicks generated by malicious browser extensions or node-WebKit installed on the victim's device. Microsoft and other cybersecurity organizations have issued warnings about this ongoing and prevalent campaign.",
+ "meta": {
+ "refs": [
+ "https://twitter.com/MsftSecIntel/status/1570911625841983489"
+ ],
+ "synonyms": [
+ "DEV-0796"
+ ]
+ },
+ "uuid": "dd012c50-4f4f-4485-ac52-294a341f03e5",
+ "value": "Phlox Tempest"
 }
 ],
 "version": 298
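Review bot: The new entry's `refs` array cites a single tweet, yet the `description` attributes the warnings to "Microsoft and other cybersecurity organizations", so the ChromeLoader, ISO-delivery and node-WebKit claims cannot be traced to those other sources from this record. Either add the reports the description relies on to `refs`, or narrow the last sentence to what the cited source supports, for example `Microsoft has issued a warning about this ongoing and prevalent campaign.` Separately, `"version": 298` appears only as context, so the cluster version is not bumped in this hunk; if no other commit in the series does it, consumers that compare versions may not pick up the new actor.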