From d3c15e1652a470d839d9c8a25033f8f6fabbc267 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Fri, 17 Nov 2023 02:59:56 -0800
Subject: [PATCH] [threat-actors] Add TA444
---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b088671..0c5f2f2 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13181,6 +13181,19 @@
 },
 "uuid": "000a2535-8fbf-459d-a067-d10528496a92",
 "value": "WeedSec"
+ },
+ {
+ "description": "TA444 is a North Korea state-sponsored threat actor that primarily focuses on financially motivated operations. They have been active since at least 2017 and have recently shifted their attention to targeting cryptocurrencies. TA444 employs various infection methods and has a diverse range of malware and backdoors at their disposal. They have been attributed to stealing hundreds of millions of dollars' worth of cryptocurrency and related assets.",
+ "meta": {
+ "country": "KP",
+ "refs": [
+ "https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds",
+ "https://cyberscoop.com/north-korean-cryptocurrency-hackers-education-government/",
+ "https://www.darkreading.com/remote-workforce/north-korea-apt-swindled-1b-crypto-investors-2022"
+ ]
+ },
+ "uuid": "5a38db83-16b3-477f-a045-66a922868eea",
+ "value": "TA444"
 }
 ],
 "version": 294
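Review bot: The new TA444 object carries only `country` and `refs` in `meta`, with no `synonyms` list and no `related` array tying it to clusters the file may already hold for the same activity. Vendor names for North Korean financially motivated groups overlap heavily (the Proofpoint post in `refs` appears to discuss such overlaps), so a standalone entry risks splitting tags and correlations for one actor across several clusters. Before merging, check the rest of the file for an existing cluster covering this activity, and if one exists add a link such as `"related": [{"dest-uuid": "<uuid-of-existing-cluster>", "type": "similar"}]`. Separately, `"version": 294` appears only as a context line, so this commit leaves the cluster version unchanged; if consumers rely on it to detect updates, it should be incremented here. The description's "have recently shifted" will also date quickly and would read better anchored to a year.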