From dc9d98ffe91e67d36b6c1aff600df0d803acf92c Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Thu, 16 Nov 2023 07:10:18 -0800
Subject: [PATCH] [threat-actors] Add UNC4191

---
 clusters/threat-actor.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b9005af..4fe0513 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13068,6 +13068,18 @@
       },
       "uuid": "6f6b187b-971b-4df9-a7ef-9b3fd7e092f7",
       "value": "DriftingCloud"
+    },
+    {
+      "description": "UNC4191 is a China-linked threat actor that has been involved in cyber espionage campaigns targeting public and private sectors primarily in Southeast Asia. They have been known to use USB devices as an initial infection vector and have been observed deploying various malware families on infected systems. UNC4191's operations have also extended to the US, Europe, and the Asia Pacific Japan region, with a particular focus on the Philippines.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://www.mandiant.com/resources/blog/china-nexus-espionage-southeast-asia",
+          "https://therecord.media/espionage-group-using-usb-devices-to-hack-targets-in-southeast-asia/"
+        ]
+      },
+      "uuid": "df697450-57e0-496b-982c-a167ed41f023",
+      "value": "UNC4191"
     }
   ],
   "version": 294