From f3a145c96fcc0c79e2113eab130d3c2c73a38768 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Tue, 21 May 2024 16:59:07 +0200
Subject: [PATCH] chg: [threat-actor] updated following PR #977

The `master` branch should not be used
---
 clusters/threat-actor.json | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 2d5e637..1ca0539 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -5675,7 +5675,8 @@
           "https://asec.ahnlab.com/en/61082/",
           "https://www.rewterz.com/rewterz-news/rewterz-threat-alert-north-korean-apt-kimsuky-aka-black-banshee-active-iocs-29/",
           "https://www.sentinelone.com/labs/a-glimpse-into-future-scarcruft-campaigns-attackers-gather-strategic-intelligence-and-target-cybersecurity-professionals/",
-          "https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html"
+          "https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html",
+          "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/springtail-kimsuky-backdoor-espionage"
         ],
         "synonyms": [
           "Velvet Chollima",
@@ -5685,7 +5686,8 @@
           "G0086",
           "APT43",
           "Emerald Sleet",
-          "THALLIUM"
+          "THALLIUM",
+          "Springtail"
         ],
         "targeted-sector": [
           "Research - Innovation",
@@ -15947,5 +15949,5 @@
       "value": "Water Orthrus"
     }
   ],
-  "version": 308
+  "version": 309
 }