From 32a78f3d263c0d9d0bad6882ada92f5ce1ffb78d Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Mon, 20 Nov 2023 09:29:05 -0800
Subject: [PATCH] [threat-actors] Add PerSwaysion

---
 clusters/threat-actor.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 1a9539b..18cf13a 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13236,6 +13236,18 @@
       },
       "uuid": "9c102b55-29ea-4d90-9b36-33ba42f65d79",
       "value": "DefrayX"
+    },
+    {
+      "description": "PerSwaysion is a threat actor known for conducting phishing campaigns targeting high-level executives. They have been active since at least August 2019 and are believed to be based in Vietnam. PerSwaysion has recently updated their techniques, using more direct phishing methods and leveraging Microsoft 365 to steal credentials.",
+      "meta": {
+        "country": "VN",
+        "refs": [
+          "https://blog.group-ib.com/perswaysion",
+          "https://blog.scarletshark.com/perswaysion-threat-actor-updates-their-techniques-and-infrastructure-e9465157a653"
+        ]
+      },
+      "uuid": "a413c605-0e0a-41ca-bae2-5623908fda3a",
+      "value": "PerSwaysion"
     }
   ],
   "version": 294