From f93293817e182a324d40ddbe6fa3927dbe59eca6 Mon Sep 17 00:00:00 2001
From: Rony <49360849+r0ny123@users.noreply.github.com>
Date: Sun, 24 Nov 2024 07:23:08 +0000
Subject: [PATCH] chg: [threat-actor] more references

---
 clusters/threat-actor.json | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index faa989b..fcb4e4e 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -4875,7 +4875,12 @@
           "https://www.justice.gov/opa/pr/justice-department-disrupts-russian-intelligence-spear-phishing-efforts",
           "https://www.justice.gov/opa/pr/two-russian-nationals-working-russias-federal-security-service-charged-global-computer",
           "https://www.justice.gov/opa/media/1327601/dl?inline",
-          "https://www.noticeofpleadings.com/starblizzard/"
+          "https://www.noticeofpleadings.com/starblizzard/",
+          "https://edeca.net/post/2024-06-26-an-interesting-callisto-yara-rule",
+          "https://blog.sekoia.io/calisto-continues-its-credential-harvesting-campaign",
+          "https://blog.sekoia.io/calisto-show-interests-into-entities-involved-in-ukraine-war-support",
+          "https://blog.sekoia.io/one-year-after-the-cyber-implications-of-the-russo-ukrainian-war/",
+          "https://blog.sekoia.io/calisto-doxxing-sekoia-io-findings-concurs-to-reuters-investigation-on-fsb-related-andrey-korinets/"
         ],
         "synonyms": [
           "COLDRIVER",
@@ -4890,7 +4895,7 @@
           "Blue Callisto"
         ],
         "targeted-sector": [
-          "Government, Administration",
+          "Government Administration",
           "Military",
           "Think Tanks",
           "Journalist"