From ce555828e1fd675efb2bd8034eb89cc9a0225929 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Thu, 16 Nov 2023 07:10:18 -0800
Subject: [PATCH] [threat-actors] Add MurenShark

---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index ada4f3e..fac0ac6 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13042,6 +13042,19 @@
       },
       "uuid": "2ce00149-9a25-4dea-8dd5-59bdb68d11a1",
       "value": "Chernovite"
+    },
+    {
+      "description": "MurenShark is an advanced persistent threat group that operates primarily in the Middle East, with a focus on targeting Turkey. They have shown interest in military projects, as well as research institutes and universities. This group is highly skilled in counter-analysis and reverse traceability, using sophisticated tactics to avoid detection. They utilize compromised websites as file servers and command and control servers, and have been known to use attack tools like NiceRender for phishing purposes.",
+      "meta": {
+        "refs": [
+          "https://www.rewterz.com/rewterz-news/rewterz-threat-alert-murenshark-apt-threat-actors-aka-actor210426-active-iocs"
+        ],
+        "synonyms": [
+          "Actor210426"
+        ]
+      },
+      "uuid": "e5c78742-bf60-4da8-b038-d548ae3f4ecb",
+      "value": "MurenShark"
     }
   ],
   "version": 294