From 62256854bcdb66a1a070f7fba0e904f89f8a0355 Mon Sep 17 00:00:00 2001
From: Daniel Plohmann <daniel.plohmann@mailbox.org>
Date: Mon, 13 Feb 2023 14:05:35 +0100
Subject: [PATCH] adding Broadcom name for SaintBear.

---
 clusters/threat-actor.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 71a17312..b63bcf60 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8954,13 +8954,15 @@
           "https://blog.malwarebytes.com/threat-intelligence/2022/04/new-uac-0056-activity-theres-a-go-elephant-in-the-room/",
           "https://www.intezer.com/blog/research/elephant-malware-targeting-ukrainian-orgs/",
           "https://www.sentinelone.com/blog/threat-actor-uac-0056-targeting-ukraine-with-fake-translation-software/",
-          "https://unit42.paloaltonetworks.com/atoms/nascentursa/"
+          "https://unit42.paloaltonetworks.com/atoms/nascentursa/",
+          "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer"
         ],
         "synonyms": [
           "UNC2589",
           "TA471",
           "UAC-0056",
-          "Nascent Ursa"
+          "Nascent Ursa",
+          "Nodaria"
         ]
       },
       "uuid": "c67d3dfb-ab39-46e1-a971-5efdfe6a5b9f",