From 6e7e5e60ceba4cc558a5de90484518ef7227b168 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Thu, 16 Nov 2023 07:10:19 -0800
Subject: [PATCH] [threat-actors] Add Earth Kitsune
---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index a18562e..f1e98ed 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13101,6 +13101,19 @@
 },
 "uuid": "ab376039-4ede-4dfc-a45b-c80d9d994657",
 "value": "FusionCore"
+ },
+ {
+ "description": "Earth Kitsune is an advanced persistent threat actor that has been active since at least 2019. They primarily target individuals interested in North Korea and use various tactics, such as compromising websites and employing social engineering, to distribute self-developed backdoors. Earth Kitsune demonstrates technical proficiency and continuously evolves their tools, tactics, and procedures. They have been associated with malware such as WhiskerSpy and SLUB.",
+ "meta": {
+ "refs": [
+ "https://www.trendmicro.com/en_us/research/23/b/earth-kitsune-delivers-new-whiskerspy-backdoor.html",
+ "https://www.trendmicro.com/en_us/research/20/l/who-is-the-threat-actor-behind-operation-earth-kitsune-.html",
+ "https://www.trendmicro.com/en_us/research/20/j/operation-earth-kitsune-a-dance-of-two-new-backdoors.html",
+ "https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-earth-kitsune-tracking-slub-s-current-operations/"
+ ]
+ },
+ "uuid": "a9f29636-26e4-42f0-95d1-7a49dd6f0a79",
+ "value": "Earth Kitsune"
 }
 ],
 "version": 294
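Review bot: The cluster's `"version": 294` appears only as trailing context in this hunk, and the diffstat shows 13 insertions with no deletions, so the file-level version is not bumped alongside the new Earth Kitsune entry. If downstream consumers rely on that field to detect that the threat-actor cluster changed (to be confirmed against the project's release practice), they may keep a cached copy that lacks this actor; the last context line would become `"version": 295`. Separately, the description names WhiskerSpy and SLUB only in free text, so analysts pivoting on those malware names get no structured link from this entry; consider recording the association in structured form if the file's schema supports it.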