From 4c9063b772a80675ee28fa28005bc9fa5cc77a34 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Mon, 20 Nov 2023 09:29:06 -0800
Subject: [PATCH] [threat-actors] Add Storm Cloud

---
 clusters/threat-actor.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b75af79..2c3da14 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13317,6 +13317,18 @@
       },
       "uuid": "ad8b73df-c526-4a32-b52f-c7c3c4c058d2",
       "value": "OldGremlin"
+    },
+    {
+      "description": "Storm Cloud is a Chinese espionage threat actor known for targeting organizations across Asia, particularly Tibetan organizations and individuals. They use a variety of malware families, including GIMMICK and GOSLU, which are feature-rich and multi-platform. Storm Cloud leverages public cloud hosting services like Google Drive for command-and-control channels, making it difficult to detect their activities.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://www.volexity.com/blog/2020/03/31/storm-cloud-unleashed-tibetan-community-focus-of-highly-targeted-fake-flash-campaign/",
+          "https://www.rewterz.com/rewterz-news/rewterz-threat-alert-gimmick-malware-active-iocs"
+        ]
+      },
+      "uuid": "3baec27f-3827-4a38-82c8-7195a18193f9",
+      "value": "Storm Cloud"
     }
   ],
   "version": 294