Merge pull request #587 from StefanKelm/master

Update threat-actor.json

clusters/threat-actor.json

@@ -7010,7 +7010,8 @@
           "https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/servhelper-evolution-and-new-ta505-campaigns/",
           "https://www.telekom.com/en/blog/group/article/cybersecurity-ta505-s-box-of-chocolate-597672",
           "https://www.telekom.com/en/blog/group/article/cybersecurity-ta505-returns-with-a-new-bag-of-tricks-602104",
-          "https://www.secureworks.com/research/threat-profiles/gold-tahoe"
+          "https://www.secureworks.com/research/threat-profiles/gold-tahoe",
+          "https://www.telekom.com/en/blog/group/article/eager-beaver-a-short-overview-of-the-restless-threat-actor-ta505-609546"
         ],
         "synonyms": [
           "SectorJ04 Group",
@@ -8390,7 +8391,19 @@
       },
       "uuid": "bfb0bc20-5bdf-47ff-b07f-dbd9a3cb9772",
       "value": "Fox Kitten"
+    },
+    {
+      "description": "Rare is the APT group that goes largely undetected for nine years, but XDSpy is just that; a previously undocumented espionage group that has been active since 2011. It has attracted very little public attention, with the exception of an advisory from the Belarusian CERT in February 2020. In the interim, the group has compromised many government agencies and private companies in Eastern Europe and the Balkans.",
+      "meta": {
+        "refs": [
+          "https://www.welivesecurity.com/2020/10/02/xdspy-stealing-government-secrets-since-2011/",
+          "https://vblocalhost.com/uploads/VB2020-Faou-Labelle.pdf",
+          "https://github.com/eset/malware-ioc/tree/master/xdspy/"
+        ]
+      },
+      "uuid": "b205584e-db93-433a-b97a-7f2e19d8c188",
+      "value": "XDSpy"
     }
   ],
-  "version": 182
+  "version": 183
 }