From 9710e09e179cd8ffa74d75582f87f5931b28adf1 Mon Sep 17 00:00:00 2001
From: Daniel Plohmann <daniel.plohmann@mailbox.org>
Date: Thu, 2 Feb 2023 11:46:50 +0100
Subject: [PATCH] new APT29 name used by Recorded Future

cf. https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf
---
 clusters/threat-actor.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 2a8f947..d7a71f8 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2243,7 +2243,8 @@
           "https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/",
           "https://www.secureworks.com/research/threat-profiles/iron-hemlock",
           "https://attack.mitre.org/groups/G0016",
-          "https://unit42.paloaltonetworks.com/atoms/cloaked-ursa/"
+          "https://unit42.paloaltonetworks.com/atoms/cloaked-ursa/",
+          "https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf"
         ],
         "synonyms": [
           "Group 100",
@@ -2259,7 +2260,8 @@
           "Cloaked Ursa",
           "TA421",
           "Blue Kitsune",
-          "ITG11"
+          "ITG11",
+          "BlueBravo"
         ]
       },
       "related": [