From b010a754267df68570875658bf5b41944f082b24 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Thu, 29 Feb 2024 10:38:27 -0800
Subject: [PATCH] [threat-actors] Add SPIKEDWINE

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index bb14d1b..1274e6e 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15269,6 +15269,16 @@
       },
       "uuid": "74268518-8dd9-4223-9f7f-54421463cdb3",
       "value": "GoldFactory"
+    },
+    {
+      "description": "SPIKEDWINE is a threat actor targeting European officials with a new backdoor called WINELOADER. They use a bait PDF document posing as an invitation letter from the Ambassador of India to lure diplomats. The attack is characterized by advanced tactics, techniques, and procedures in the malware and command and control infrastructure. The motivation behind the attacks seems to be exploiting the geopolitical relations between India and European nations.",
+      "meta": {
+        "refs": [
+          "https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-spikedwine-wineloader"
+        ]
+      },
+      "uuid": "d3cda6b1-a5da-4afc-bee4-80ea2cf05e5e",
+      "value": "SPIKEDWINE"
     }
   ],
   "version": 302