From 1b33cad11dfb1ee562528afe34a46ceb6a5cd4d8 Mon Sep 17 00:00:00 2001
From: Daniel Plohmann <daniel.plohmann@mailbox.org>
Date: Wed, 4 Oct 2023 16:39:01 +0100
Subject: [PATCH] adding aliases to ProphetSpider

---
 clusters/threat-actor.json | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index fb10ee4..f7856ac 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -11489,7 +11489,13 @@
         "country": "",
         "references": [
           "https://www.crowdstrike.com/blog/prophet-spider-exploits-oracle-weblogic-to-facilitate-ransomware-activity/",
-          "https://www.crowdstrike.com/blog/prophet-spider-exploits-citrix-sharefile/"
+          "https://www.crowdstrike.com/blog/prophet-spider-exploits-citrix-sharefile/",
+          "https://www.secureworks.com/research/gold-melody-profile-of-an-initial-access-broker",
+          "https://www.mandiant.com/resources/blog/unc961-multiverse-financially-motivated"
+        ],
+        "synonyms": [
+          "GOLD MELODY",
+          "UNC961"
         ]
       },
       "related": [