From 793e4b9408c04ae9259904baacecc7f25f3ffcfb Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Fri, 26 Jul 2024 06:27:01 -0700
Subject: [PATCH] [threat-actors] Add APT45
---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 6ee2d0c..cc9fc27 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16444,6 +16444,17 @@
 },
 "uuid": "7dd2e8ee-4232-43f5-9866-006160f19aea",
 "value": "UAC-0102"
+ },
+ {
+ "description": "APT45 is a North Korean cyber threat actor that has been active since at least 2009. They have conducted espionage campaigns targeting government agencies and defense industries, as well as financially-motivated operations, including ransomware development. APT45 has targeted critical infrastructure, financial organizations, nuclear research facilities, and healthcare and pharmaceutical companies. They use a mix of publicly available tools, modified malware, and custom malware families in their operations.",
+ "meta": {
+ "country": "KP",
+ "refs": [
+ "https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine"
+ ]
+ },
+ "uuid": "02768be6-853c-4239-8fb1-823427489a86",
+ "value": "APT45"
 }
 ],
 "version": 312
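Review bot: The new APT45 object carries only `country` and `refs` in `meta`, with no `synonyms` and no `related` links, so if this actor already exists in the cluster under another vendor's name (the rest of the file is not visible here) the galaxy ends up with two unlinked entries, and tags and correlations for the same group are split between them. The referenced report appears to list other names under which this activity is publicly tracked; check those against the existing `value` and `synonyms` fields, then either add `"synonyms": ["<name from the report>"]` to this entry or add a `related` entry pointing at the existing UUID. Separately, `"version": 312` is unchanged context in this hunk; if consumers rely on the version to pick up cluster updates, it needs a bump unless another commit in the series does it.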