From 29baf77740d4698b985b7f238fa4f6310b166938 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Mon, 20 Nov 2023 09:29:07 -0800
Subject: [PATCH] [threat-actors] Add SilverFish

---
 clusters/threat-actor.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 2aaafb3..b9f1763 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13352,6 +13352,18 @@
       },
       "uuid": "aad291eb-08d1-4af4-9dd1-e90fe1f2d6c6",
       "value": "TA402"
+    },
+    {
+      "description": "SilverFish is believed to be a Russian cyberespionage group that has been involved in various cyberattacks, including the use of the SolarWinds breach as an attack vector. SilverFish has been linked to the Wasted Locker ransomware and has displayed a high level of skill and organization in their cyber operations. There are also connections between SilverFish and the threat actor Evil Corp, suggesting a possible evolution or collaboration between the two groups.",
+      "meta": {
+        "refs": [
+          "https://www.truesec.com/hub/blog/are-the-notorious-cyber-criminals-evil-corp-actually-russian-spies",
+          "https://www.prodaft.com/resource/detail/silverfish-global-cyber-espionage-campaign-case-report",
+          "https://www.mandiant.com/resources/blog/unc2165-shifts-to-evade-sanctions"
+        ]
+      },
+      "uuid": "55bcc595-2442-4f98-9477-7fe9b507607c",
+      "value": "SilverFish"
     }
   ],
   "version": 294