From c3b6878cf366e2e636f605de52697dfe795b4be4 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon <mathieu@feedly.com>
Date: Tue, 7 Nov 2023 14:47:12 +0100
Subject: [PATCH] [threat-actors] Add IronHusky

---
 clusters/threat-actor.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 76516ec..cd990c5 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12633,6 +12633,18 @@
       },
       "uuid": "d4fd0a30-15d4-4dfd-bf98-beff5fe34c33",
       "value": "ShinyHunters"
+    },
+    {
+      "description": "IronHusky is a Chinese-based threat actor first attributed in July 2017 targeting Russian and Mongolian governments, as well as aviation companies and research institutes. Since their initial attacks ceased in 2018, they have been working on a new remote access trojan dubbed MysterySnail.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://securelist.com/mysterysnail-attacks-with-windows-zero-day/104509/",
+          "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk175885"
+        ]
+      },
+      "uuid": "34d1e532-3d47-44cb-b87c-7e9cbba2321e",
+      "value": "IronHusky"
     }
   ],
   "version": 292