From cf7cdcbc2b8ae871719e320740c6b8cf5c5718d2 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon
Date: Wed, 6 Dec 2023 17:42:33 -0800
Subject: [PATCH] [threat-actors] Add DEV-0569
---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 859eefc..de7435e 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13715,6 +13715,19 @@
 },
 "uuid": "9795249f-8954-4632-830f-7e1f0ebc1dd5",
 "value": "UNC215"
+ },
+ {
+ "description": "DEV-0569, also known as Storm-0569, is a threat actor group that has been observed deploying the Royal ransomware. They utilize malicious ads and phishing techniques to distribute malware and gain initial access to networks. The group has been linked to the distribution of payloads such as Batloader and has forged relationships with other threat actors. DEV-0569 has targeted various sectors, including healthcare, communications, manufacturing, and education in the United States and Brazil.",
+ "meta": {
+ "refs": [
+ "https://www.microsoft.com/en-us/security/blog/2022/11/17/dev-0569-finds-new-ways-to-deliver-royal-ransomware-various-payloads/"
+ ],
+ "synonyms": [
+ "Storm-0569"
+ ]
+ },
+ "uuid": "e883458d-496f-4a94-b916-4b7b83e3d525",
+ "value": "DEV-0569"
 }
 ],
 "version": 295
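Review bot: The trailing context still shows `"version": 295` even though this hunk adds a new cluster entry. If downstream consumers use the cluster version to decide whether to re-import, the DEV-0569 entry will not reach them until the version is raised (e.g. `"version": 296`), unless a later commit in the same series already does that. Separately, the last sentence of `description` (targeted sectors, United States and Brazil) is not obviously covered by the single Microsoft URL in `refs`. If that victimology came from another report, adding its URL to `refs` would keep the claim traceable for analysts who pivot on this entry.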