From c9e85b4d166a8411ad3af1f2e7be409d24da02d5 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon
Date: Fri, 3 Nov 2023 11:13:11 +0100
Subject: [PATCH] [threat-actors] Add Earth Longzhi
---
 clusters/threat-actor.json | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index c0da976..f944829 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12167,6 +12167,22 @@
 },
 "uuid": "8c08dbe7-3ed0-4d7d-b315-22d8774a5bd9",
 "value": "UNC3886"
+ },
+ {
+ "description": "Earth Longzhi is a subgroup of APT41 targeting organizations based in Taiwan, Thailand, the Philippines, and Fiji, and using “stack rumbling” via Image File Execution Options (IFEO), a new denial-of-service (DoS) technique to disable security software.",
+ "meta": {
+ "aliases": [
+ "SnakeCharmer"
+ ],
+ "refs": [
+ "https://www.picussecurity.com/resource/blog/cyber-threat-intelligence-report-may-2023",
+ "https://www.trendmicro.com/en_us/research/23/e/attack-on-security-titans-earth-longzhi-returns-with-new-tricks.html",
+ "https://ics-cert.kaspersky.com/publications/reports/2023/03/24/apt-attacks-on-industrial-organizations-in-h2-2022/",
+ "https://www.trendmicro.com/en_us/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi.html"
+ ]
+ },
+ "uuid": "b21dbf83-3459-44f4-b91b-6157379e430a",
+ "value": "Earth Longzhi"
 }
 ],
 "version": 288
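Review bot: The new Earth Longzhi entry records the APT41 subgroup relationship and the targeted countries only in the free-text `description`, so tooling that correlates clusters on structured fields will not link this actor to its parent or filter it by victimology. If other entries in this file carry them, consider adding a `related` array whose `dest-uuid` is the existing APT41 cluster's uuid (`"dest-uuid": "<APT41-cluster-uuid>"`) and a `cfr-suspected-victims` list under `meta` with the four countries named in the description. The trailing `"version": 288` is a context line, so this patch does not bump the cluster version; consumers that detect updates from that field may miss the addition, so confirm whether the project bumps it at merge time.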