From 991765a1c749d2149bfeddf04a12d387816fc7c6 Mon Sep 17 00:00:00 2001 From: Mathieu4141 Date: Thu, 1 Feb 2024 11:02:05 -0800 Subject: [PATCH] [threat-actors] Add SaintBear aliases --- clusters/threat-actor.json | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 4e618c4..d95aae4 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -10269,6 +10269,7 @@ { "description": "A group targeting UA state organizations using the GraphSteel and GrimPlant malware.", "meta": { + "country": "RU", "refs": [ "https://malpedia.caad.fkie.fraunhofer.de/details/win.graphsteel", "https://cert.gov.ua/article/38374", @@ -10277,7 +10278,8 @@ "https://www.sentinelone.com/blog/threat-actor-uac-0056-targeting-ukraine-with-fake-translation-software/", "https://unit42.paloaltonetworks.com/atoms/nascentursa/", "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer", - "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/" + "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/", + "https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/" ], "synonyms": [ "UNC2589", @@ -10285,7 +10287,10 @@ "UAC-0056", "Nascent Ursa", "Nodaria", - "FROZENVISTA" + "FROZENVISTA", + "Storm-0587", + "DEV-0587", + "Saint Bear" ] }, "uuid": "c67d3dfb-ab39-46e1-a971-5efdfe6a5b9f",