From 1d05f17507568f428fdf3d2d6bdffd16faa411e1 Mon Sep 17 00:00:00 2001
From: StefanKelm <StefanKelm@users.noreply.github.com>
Date: Tue, 6 Oct 2020 12:45:43 +0200
Subject: [PATCH 1/2] Update threat-actor.json

XDSpy
---
 clusters/threat-actor.json | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 95394ed..b058994 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8390,7 +8390,19 @@
       },
       "uuid": "bfb0bc20-5bdf-47ff-b07f-dbd9a3cb9772",
       "value": "Fox Kitten"
+    },
+    {
+      "description": "Rare is the APT group that goes largely undetected for nine years, but XDSpy is just that; a previously undocumented espionage group that has been active since 2011. It has attracted very little public attention, with the exception of an advisory from the Belarusian CERT in February 2020. In the interim, the group has compromised many government agencies and private companies in Eastern Europe and the Balkans.",
+      "meta": {
+        "refs": [
+          "https://www.welivesecurity.com/2020/10/02/xdspy-stealing-government-secrets-since-2011/",
+          "https://vblocalhost.com/uploads/VB2020-Faou-Labelle.pdf",
+          "https://github.com/eset/malware-ioc/tree/master/xdspy/"
+        ]
+      },
+      "uuid": "b205584e-db93-433a-b97a-7f2e19d8c188",
+      "value": "XDSpy"
     }
   ],
-  "version": 182
+  "version": 183
 }

From 7bab41e367b5b7953cd9c4bb5505e62e0efcb4ba Mon Sep 17 00:00:00 2001
From: StefanKelm <StefanKelm@users.noreply.github.com>
Date: Tue, 6 Oct 2020 15:29:54 +0200
Subject: [PATCH 2/2] Update threat-actor.json

TA505
---
 clusters/threat-actor.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b058994..4a70b41 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -7010,7 +7010,8 @@
           "https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/servhelper-evolution-and-new-ta505-campaigns/",
           "https://www.telekom.com/en/blog/group/article/cybersecurity-ta505-s-box-of-chocolate-597672",
           "https://www.telekom.com/en/blog/group/article/cybersecurity-ta505-returns-with-a-new-bag-of-tricks-602104",
-          "https://www.secureworks.com/research/threat-profiles/gold-tahoe"
+          "https://www.secureworks.com/research/threat-profiles/gold-tahoe",
+          "https://www.telekom.com/en/blog/group/article/eager-beaver-a-short-overview-of-the-restless-threat-actor-ta505-609546"
         ],
         "synonyms": [
           "SectorJ04 Group",