From 8eeceafc515814d2214862e6f95a6a5c42e3f2cb Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Sat, 18 Jan 2020 17:02:44 +0100
Subject: [PATCH] chg: [threat-actor] Budminer APT added based on document from "Soesanto, Stefan"
Ref: https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf
Ref: https://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan
---
 clusters/threat-actor.json | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 415303e3..b2e33420 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -7872,7 +7872,19 @@
 },
 "uuid": "c4ce1174-9462-47e9-8038-794f40a184b3",
 "value": "SideWinder"
+ },
+ {
+ "description": "Based on the evidence we have presented Symantec attributed the activity involving theDripion malware to the Budminer advanced threat group. While we have not seen newcampaigns using Taidoor malware since 2014, we believe the Budminer group has changedtactics to avoid detection after being outed publicly in security white papers and blogs over thepast few years.",
+ "value": "Budminer",
+ "meta": [
+ "https://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan",
+ "https://app.box.com/s/xqh458fe1url7mgl072hhd0yxqw3x0jm",
+ "https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf"
+ ],
+ "synonyms": "Budminer cyberespionage group",
+ "suspected-victims": "Taiwan",
+ "country": "CN"
 }
 ],
- "version": 149
+ "version": 150
 }
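Review bot: The new Budminer object has no `uuid` and its `meta` is a bare array of URLs, whereas the SideWinder entry in the context lines closes an object right before its `uuid`; tooling that indexes clusters by UUID and reads references and aliases from `meta` would, as far as this hunk shows, be unable to link or alias this actor. I would add `"uuid": "<freshly generated UUIDv4>"` and reshape the metadata as `"meta": { "refs": [ …the three URLs… ], "synonyms": ["Budminer cyberespionage group"], "country": "CN" }`, moving the victim field under `meta` as an array too (`cfr-suspected-victims`, if that is the key the other entries use). The description also carries fused words from the PDF copy (`theDripion`, `newcampaigns`, `changedtactics`, `thepast`), which defeats a plain-text search for Dripion. The rest of the file is outside the hunk, so the expected layout is inferred from the one neighbouring entry.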