From 5da0c7bd545ee93cf40786c1c535b9d4897943b1 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Tue, 7 Jan 2020 10:42:07 +0100
Subject: [PATCH] chg: [threat-actor] SideWinder APT group added

---
 clusters/threat-actor.json | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 7500353..415303e 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -7861,7 +7861,18 @@
       },
       "uuid": "f9702059-97f4-4fc0-810b-3041b918f5d7",
       "value": "BRONZE PRESIDENT"
+    },
+    {
+      "description": "An actor mainly targeting Pakistan military targets, active since at least 2012. We have low confidence that this malware might be authored by an Indian company. To spread the malware, they use unique implementations to leverage the exploits of known vulnerabilities (such as CVE-2017-11882) and later deploy a Powershell payload in the final stages.",
+      "meta": {
+        "refs": [
+          "https://securelist.com/apt-trends-report-q1-2018/85280/",
+          "https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/"
+        ]
+      },
+      "uuid": "c4ce1174-9462-47e9-8038-794f40a184b3",
+      "value": "SideWinder"
     }
   ],
-  "version": 148
+  "version": 149
 }
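Review bot: The new "description" carries first-person vendor language ("We have low confidence that this malware might be authored by an Indian company") with no antecedent for "this malware", so the attribution claim reads as the cluster maintainers' own assessment rather than Kaspersky's; rewording to `"Kaspersky assesses with low confidence that the group's malware may be authored by an Indian company."` keeps the claim and its source together. The second ref in "refs" concerns the CVE-2019-2215 Android activity linked to SideWinder, yet the description only covers the CVE-2017-11882 / PowerShell chain, so a consumer cannot tell from the entry why that reference is attached; one sentence noting the Android campaign covered by the Trend Micro reference would close that gap. The low-confidence attribution also seems better expressed through the cluster's structured attribution-confidence meta field (which other entries in this file appear to use) than only in prose, so that tooling consuming the galaxy can read it — worth confirming against the existing entries.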