[threat-actors] Add Earth Kitsune

clusters/threat-actor.json

@@ -13101,6 +13101,19 @@
       },
       "uuid": "ab376039-4ede-4dfc-a45b-c80d9d994657",
       "value": "FusionCore"
+    },
+    {
+      "description": "Earth Kitsune is an advanced persistent threat actor that has been active since at least 2019. They primarily target individuals interested in North Korea and use various tactics, such as compromising websites and employing social engineering, to distribute self-developed backdoors. Earth Kitsune demonstrates technical proficiency and continuously evolves their tools, tactics, and procedures. They have been associated with malware such as WhiskerSpy and SLUB.",
+      "meta": {
+        "refs": [
+          "https://www.trendmicro.com/en_us/research/23/b/earth-kitsune-delivers-new-whiskerspy-backdoor.html",
+          "https://www.trendmicro.com/en_us/research/20/l/who-is-the-threat-actor-behind-operation-earth-kitsune-.html",
+          "https://www.trendmicro.com/en_us/research/20/j/operation-earth-kitsune-a-dance-of-two-new-backdoors.html",
+          "https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-earth-kitsune-tracking-slub-s-current-operations/"
+        ]
+      },
+      "uuid": "a9f29636-26e4-42f0-95d1-7a49dd6f0a79",
+      "value": "Earth Kitsune"
     }
   ],
   "version": 294