From 4c9063b772a80675ee28fa28005bc9fa5cc77a34 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Mon, 20 Nov 2023 09:29:06 -0800
Subject: [PATCH] [threat-actors] Add Storm Cloud

---
 clusters/threat-actor.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b75af79..2c3da14 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13317,6 +13317,18 @@
 },
 "uuid": "ad8b73df-c526-4a32-b52f-c7c3c4c058d2",
 "value": "OldGremlin"
+ },
+ {
+ "description": "Storm Cloud is a Chinese espionage threat actor known for targeting organizations across Asia, particularly Tibetan organizations and individuals. They use a variety of malware families, including GIMMICK and GOSLU, which are feature-rich and multi-platform. Storm Cloud leverages public cloud hosting services like Google Drive for command-and-control channels, making it difficult to detect their activities.",
+ "meta": {
+ "country": "CN",
+ "refs": [
+ "https://www.volexity.com/blog/2020/03/31/storm-cloud-unleashed-tibetan-community-focus-of-highly-targeted-fake-flash-campaign/",
+ "https://www.rewterz.com/rewterz-news/rewterz-threat-alert-gimmick-malware-active-iocs"
+ ]
+ },
+ "uuid": "3baec27f-3827-4a38-82c8-7195a18193f9",
+ "value": "Storm Cloud"
 }
 ],
 "version": 294
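Review bot: The `"version": 294` line at the end of the hunk is unchanged context, so a new cluster is added without bumping the galaxy version that MISP instances use to decide whether to refresh this file; unless the bump lands in a separate commit, consumers will not pick up the Storm Cloud entry. The new `"meta"` block asserts `"country": "CN"` but carries no `"attribution-confidence"` value, which this cluster uses on other country-attributed actors and which tells analysts how firm the attribution is; the Volexity reference is the basis for the attribution, so a confidence entry next to `"country"` would make that explicit. The description also states the attribution and the GIMMICK/GOSLU malware link as plain fact rather than as reported by the cited sources; phrasing such as "assessed to be" keeps the entry honest when later reporting revises it.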