From f52382a29ab61228367348f72e77cba637ae7eee Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Tue, 7 Nov 2023 10:37:08 -0800
Subject: [PATCH] [threat-actors] Add Dalbit

---
 clusters/threat-actor.json | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index e1884a0..aef7928 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12797,6 +12797,20 @@
       },
       "uuid": "87f1ab70-a102-4566-a09e-838b39c18a62",
       "value": "BlueBottle"
+    },
+    {
+      "description": "The group usually targets vulnerable servers to breach information including internal data from companies or encrypts files and demands money. Their targets of attack are usually Windows servers that are poorly managed or are not patched to the latest version. Besides these, there are also attack cases that targeted email servers or MS-SQL database servers.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://asec.ahnlab.com/en/56941/",
+          "https://asec.ahnlab.com/en/56236/",
+          "https://asec.ahnlab.com/en/47455/",
+          "https://blog.sekoia.io/my-teas-not-cold-an-overview-of-china-cyber-threat/"
+        ]
+      },
+      "uuid": "be4ea668-6a74-44d9-946e-e98e64a8855b",
+      "value": "Dalbit"
     }
   ],
   "version": 293