From 681784a3ec22c4bddc9b09bf1ee4c55f1a764e6c Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Thu, 1 Feb 2024 11:02:01 -0800
Subject: [PATCH] [threat-actors] Add Storm-1167

---
 clusters/threat-actor.json | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 5b20d5a..ada0724 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14451,6 +14451,20 @@
       },
       "uuid": "5f485e47-18ad-4302-85a1-0a390fe90dc1",
       "value": "Storm-1295"
+    },
+    {
+      "description": "Storm-1167 is a threat actor tracked by Microsoft, known for their use of an AiTM phishing kit. They were responsible for launching an attack that led to Business Email Compromise activity.",
+      "meta": {
+        "country": "ID",
+        "refs": [
+          "https://www.microsoft.com/en-us/security/blog/2023/06/08/detecting-and-mitigating-a-multi-stage-aitm-phishing-and-bec-campaign/"
+        ],
+        "synonyms": [
+          "DEV-1167"
+        ]
+      },
+      "uuid": "17fb8267-44a3-405b-b6b9-ba7fdeb56693",
+      "value": "Storm-1167"
     }
   ],
   "version": 298