From ac6c63ba8a46932a2711375c994363d53936a05e Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Wed, 31 Jul 2024 02:14:11 -0700
Subject: [PATCH] [threat-actors] Add Ghostwriter aliases
---
 clusters/threat-actor.json | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index dc9b91e..0af0755 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -9728,14 +9728,18 @@
 "https://www.bleepingcomputer.com/news/security/meta-ukrainian-officials-military-targeted-by-ghostwriter-hackers",
 "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
 "https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/",
- "https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html"
+ "https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html",
+ "https://socprime.com/blog/uac-0057-attack-detection-a-surge-in-adversary-activity-distributing-picassoloader-and-cobalt-strike-beacon/",
+ "https://socprime.com/blog/picassoloader-and-cobalt-strike-beacon-detection-uac-0057-aka-ghostwriter-hacking-group-attacks-the-ukrainian-leading-military-educational-institution/",
+ "https://cert.gov.ua/article/5098518"
 ],
 "synonyms": [
 "UNC1151",
 "TA445",
 "PUSHCHA",
 "Storm-0257",
- "DEV-0257"
+ "DEV-0257",
+ "UAC-0057"
 ]
 },
 "related": [
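Review bot: The new synonym `"UAC-0057"` may collide with an existing entry, because nothing in this hunk shows whether the string already appears elsewhere in clusters/threat-actor.json as a cluster `value` or in another `synonyms` list. If it does, lookups by that alias become ambiguous and events tagged with it can be attributed to the wrong actor. The alias itself looks supported, since both added SOC Prime URLs name UAC-0057 and one ties it to Ghostwriter. The step to take before merging is to search the file for `UAC-0057` and fold any standalone entry into this cluster. The cluster object starts and ends outside the hunk, so its `value` and `uuid` cannot be confirmed from here.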