From 1d05f17507568f428fdf3d2d6bdffd16faa411e1 Mon Sep 17 00:00:00 2001
From: StefanKelm <StefanKelm@users.noreply.github.com>
Date: Tue, 6 Oct 2020 12:45:43 +0200
Subject: [PATCH] Update threat-actor.json

XDSpy
---
 clusters/threat-actor.json | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 95394ed..b058994 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8390,7 +8390,19 @@
       },
       "uuid": "bfb0bc20-5bdf-47ff-b07f-dbd9a3cb9772",
       "value": "Fox Kitten"
+    },
+    {
+      "description": "Rare is the APT group that goes largely undetected for nine years, but XDSpy is just that; a previously undocumented espionage group that has been active since 2011. It has attracted very little public attention, with the exception of an advisory from the Belarusian CERT in February 2020. In the interim, the group has compromised many government agencies and private companies in Eastern Europe and the Balkans.",
+      "meta": {
+        "refs": [
+          "https://www.welivesecurity.com/2020/10/02/xdspy-stealing-government-secrets-since-2011/",
+          "https://vblocalhost.com/uploads/VB2020-Faou-Labelle.pdf",
+          "https://github.com/eset/malware-ioc/tree/master/xdspy/"
+        ]
+      },
+      "uuid": "b205584e-db93-433a-b97a-7f2e19d8c188",
+      "value": "XDSpy"
     }
   ],
-  "version": 182
+  "version": 183
 }