From 8e53536147b287a7131099b7406bd5381a02d474 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Wed, 20 Dec 2023 03:40:25 -0800
Subject: [PATCH] [threat-actors] Add UNC4736

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b021aa5..68e33ad 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13861,6 +13861,17 @@
 },
 "uuid": "0b792fbe-87c2-42c5-8d0d-97c7d47078b5",
 "value": "Solntsepek"
+ },
+ {
+ "description": "UNC4736 is a North Korean threat actor that has been involved in supply chain attacks targeting software chains of 3CX and X_TRADER. They have used malware strains such as TAXHAUL, Coldcat, and VEILEDSIGNAL to compromise Windows and macOS systems. UNC4736 has been linked to financially motivated cybercrime operations, particularly focused on cryptocurrency and fintech-related services. They have also demonstrated infrastructure overlap with other North Korean and APT43 activity.",
+ "meta": {
+ "country": "KP",
+ "refs": [
+ "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise"
+ ]
+ },
+ "uuid": "afe5526e-e5e4-4b05-bc69-2bfb6785fc7e",
+ "value": "UNC4736"
 }
 ],
 "version": 296
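Review bot: The trailing context line `"version": 296` is left unchanged although the cluster gains an entry, so a consumer that compares the cluster version to decide whether to re-import may never pick up UNC4736; unless a later commit in the series does it, this one should set `"version": 297`. The overlap with APT43 and other North Korean activity is stated only in the description prose, so a `related` array on the new entry, with destination UUIDs copied from the existing clusters rather than guessed, would make that link usable by correlation tooling. The `"country": "KP"` attribution rests on a single vendor reference, so further `refs` where available would let analysts weigh it. In the description, "software chains" presumably means "software supply chains". The hunk opens inside the preceding Solntsepek entry, whose first lines are outside the hunk.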