From 2ac369ac617c0adee54802d79cb32f7d5e74a37b Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Mon, 20 Nov 2023 09:29:05 -0800
Subject: [PATCH] [threat-actors] Add Webworm

---
 clusters/threat-actor.json | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 18cf13a..2049a12 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13248,6 +13248,22 @@
       },
       "uuid": "a413c605-0e0a-41ca-bae2-5623908fda3a",
       "value": "PerSwaysion"
+    },
+    {
+      "description": "Space Pirates is a cybercrime group that has been active since at least 2017. They primarily target Russian companies and have been observed using various malware, including Deed RAT and ShadowPad. The group uses a combination of publicly available tools and their own protocols to communicate with their command-and-control servers.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/webworm-espionage-rats",
+          "https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/space-pirates-a-look-into-the-group-s-unconventional-techniques-new-attack-vectors-and-tools/",
+          "https://blog.polyswarm.io/space-pirates-target-russian-aerospace"
+        ],
+        "synonyms": [
+          "Space Pirates"
+        ]
+      },
+      "uuid": "ee306b4d-1b2b-4872-a8f1-d07e7fbab2f0",
+      "value": "Webworm"
     }
   ],
   "version": 294