From 254dd47a61749adfc98d7511f2febe2ce11a6565 Mon Sep 17 00:00:00 2001
From: Daniel Plohmann
Date: Fri, 18 Feb 2022 08:24:35 +0100
Subject: [PATCH 1/2] adding ACTINIUM as MSFT name for Gamaredon
---
 clusters/threat-actor.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index d989a093..1f7f64b1 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -4198,11 +4198,13 @@
 "https://github.com/StrangerealIntel/CyberThreatIntel/tree/master/Russia/APT/Gamaredon",
 "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf",
 "https://www.welivesecurity.com/2020/06/18/digging-up-invisimole-hidden-arsenal/",
- "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine"
+ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine",
+ "https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/"
 ],
 "synonyms": [
 "Primitive Bear",
- "Shuckworm"
+ "Shuckworm",
+ "ACTINIUM"
 ]
 },
 "related": [
From 321e4b4a577f996e1d080b16c1504ad8a5f004aa Mon Sep 17 00:00:00 2001
From: Daniel Plohmann
Date: Fri, 18 Feb 2022 08:26:01 +0100
Subject: [PATCH 2/2] another Gamaredon ref and version bump
---
 clusters/threat-actor.json | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 1f7f64b1..e5f43f63 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -4199,7 +4199,8 @@
 "https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf",
 "https://www.welivesecurity.com/2020/06/18/digging-up-invisimole-hidden-arsenal/",
 "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine",
- "https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/"
+ "https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/",
+ "https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/"
 ],
 "synonyms": [
 "Primitive Bear",
@@ -8942,5 +8943,5 @@
 "value": "Antlion"
 }
 ],
- "version": 211
+ "version": 212
 }