From 0cd79994cca2ec43954555716548f8952cb9fadb Mon Sep 17 00:00:00 2001
From: Daniel Plohmann
Date: Tue, 19 Feb 2019 22:38:11 +0100
Subject: [PATCH] Two more actor names from GTR2019

I found two more actor names while going again over the crowdstrike's report and updating the cross-references to malpedia.
---
 clusters/threat-actor.json | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 8161735..11b0c0f 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -6351,6 +6351,26 @@
 },
 "uuid": "89a05f9f-a6dc-4426-8c15-a8d5ef6d8524",
 "value": "Tiny Spider"
+ },
+ {
+ "description": "According to CrowdStrike, this actor is using BokBok/IcedID, potentially buying distribution through Emotet infections.",
+ "meta": {
+ "refs": [
+ "https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report/"
+ ]
+ },
+ "uuid": "0db4c708-f33d-4d46-906d-12fdf7415f62",
+ "value": "Lunar Spider"
+ },
+ {
+ "description": "In July 2018, the source code of Pegasus, RATPAK SPIDER’s malware framework, was anonymously leaked. This malware has been linked to the targeting of Russia’s financial sector. Associated malware, Buhtrap, which has been leaked previously, was observed this year in connection with SWC campaigns that also targeted Russian users.",
+ "meta": {
+ "refs": [
+ "https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report/"
+ ]
+ },
+ "uuid": "ec3fda76-8c1c-4019-8109-3f92e6b15633",
+ "value": "Ratpak Spider"
 }
 ],
 "version": 91
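Review bot: The trailing `"version": 91` line is unchanged context, so the file gains two clusters without a version bump; if consumers use that field to detect updated cluster files (not visible here, worth confirming), it should become `"version": 92`. In the Lunar Spider description, `BokBok/IcedID` looks like a typo for `BokBot/IcedID`, the name CrowdStrike uses for this family, and the misspelling would defeat string matching against malware-family references. The Ratpak Spider description copies the report's relative wording `observed this year`; naming the year explicitly (presumably 2018, the period the cited 2019 report covers) keeps the entry accurate when it is read outside the report's context.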