From c740c6f1e13f10ead606a42948e2d844317bb957 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Tue, 6 Feb 2024 07:30:06 -0800
Subject: [PATCH] [threat-actors] Add Urpage

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index fd25b8f..fb3ecff 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14958,6 +14958,16 @@
       },
       "uuid": "2875aff1-2a0f-4e82-ae42-607a3a74d129",
       "value": "Earth Yako"
+    },
+    {
+      "description": "What sets Urpage attacks apart is its targeting of InPage, a word processor for Urdu and Arabic languages. However, its Delphi backdoor component, which it has in common with Confucius and Patchwork, and its apparent use of Bahamut-like malware, is what makes it more intriguing as it connects Urpage to these other known threats. Trend Micro covered the Delphi component in the context of the Confucius and Patchwork connection. They mentioned Urpage as a third unnamed threat actor connected to the two.",
+      "meta": {
+        "refs": [
+          "https://www.trendmicro.com/en_us/research/18/h/the-urpage-connection-to-bahamut-confucius-and-patchwork.html"
+        ]
+      },
+      "uuid": "4e137d53-b9cf-4b9a-88c2-f29dd27ac302",
+      "value": "Urpage"
     }
   ],
   "version": 299