From cc4dca679b7fb0d34ee6c2114067b74ff80cc032 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Tue, 6 Feb 2024 07:30:06 -0800
Subject: [PATCH] [threat-actors] Add Earth Yako

---
 clusters/threat-actor.json | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index c02a1e53..78ac9c38 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14932,6 +14932,20 @@
       },
       "uuid": "3e9b98d9-0c61-4050-bafa-486622de0080",
       "value": "Operation Red Signature"
+    },
+    {
+      "description": "Earth Yako is a threat actor that has been actively targeting researchers in academic organizations and think tanks in Japan. They use spearphishing emails with malicious attachments to gain initial access to their targets' systems. Earth Yako's objectives and patterns suggest a possible connection to a Chinese APT group, but conclusive proof of their nationality is lacking. They have been observed using various malware delivery methods and techniques, such as the use of Winword.exe for DLL Hijacking.",
+      "meta": {
+        "refs": [
+          "https://www.trendmicro.com/en_us/research/23/b/invitation-to-secret-event-uncovering-earth-yako-campaigns.html"
+        ],
+        "synonyms": [
+          "Operation RestyLink",
+          "Enelink"
+        ]
+      },
+      "uuid": "2875aff1-2a0f-4e82-ae42-607a3a74d129",
+      "value": "Earth Yako"
     }
   ],
   "version": 299