From 094d56057ce0953610ca99eee98082c72484a282 Mon Sep 17 00:00:00 2001
From: Daniel Plohmann <daniel.plohmann@mailbox.org>
Date: Tue, 9 May 2023 14:35:41 +0200
Subject: [PATCH] adding APT43 (Mandiant) for Kimsuky.

---
 clusters/threat-actor.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index dd59e6d..d0cba4b 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -5235,14 +5235,16 @@
           "https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/",
           "https://attack.mitre.org/groups/G0086/",
           "https://us-cert.cisa.gov/ncas/alerts/aa20-301a",
-          "https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite"
+          "https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite",
+          "https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report"
         ],
         "synonyms": [
           "Velvet Chollima",
           "Black Banshee",
           "Thallium",
           "Operation Stolen Pencil",
-          "G0086"
+          "G0086",
+          "APT43"
         ]
       },
       "related": [