From b01e64eb1f77bedc4afd3207d84c6b6163231b9d Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Wed, 8 Apr 2020 14:53:19 +0200
Subject: [PATCH] add Operation Shadow Forece

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index e7a6f0c..cc70890 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8102,6 +8102,17 @@
       },
       "uuid": "86b4e2f3-8bbf-48fd-9d27-034d3ac3b187",
       "value": "VENOM SPIDER"
+    },
+    {
+      "description": "Operation Shadow Force is a group of malware that is representative of Shadow Force and Wgdrop from 2013 to 2020, and is a group activity that attacks Korean companies and organizations. The group's first confirmed attack was in March 2013, but considering the date of malware creation, it is likely to have been active before 2012. Since the malware used mainly by them is Shadow Force, it was named Operation Shadow Force, and it has not been confirmed whether the attacker is associated with a known group.",
+      "meta": {
+        "refs": [
+          "https://www.ahnlab.com/kr/site/securityinfo/secunews/secuNewsView.do?curPage=1&menu_dist=2&seq=29129",
+          "https://mobile.twitter.com/mstoned7/status/1247361687570673664"
+        ]
+      },
+      "uuid": "f628b544-48b6-44e2-b794-950713353cf1",
+      "value": "Operation Shadow Force"
     }
   ],
   "version": 157