From f5b7ad54789f7037b3846602a7f8584cc17f545d Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Wed, 8 Nov 2023 06:14:54 -0800
Subject: [PATCH] [threat-actors] Add DiceyF

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index ca920f9..60758f0 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12834,6 +12834,17 @@
       },
       "uuid": "e03a7ecb-b8a1-40c5-b5af-638ee6029374",
       "value": "SCARLETEEL"
+    },
+    {
+      "description": "DiceyF is an advanced persistent threat group that has been targeting online casinos and other victims in Southeast Asia for an extended period. They have exhibited overlapping activity with LuckyStar PlugX and Earth Berberoka/GamblingPuppet, as reported by various cybersecurity vendors. While their motivations remain unclear, previous incidents suggest a combination of espionage and intellectual property theft rather than immediate financial gain. DiceyF continuously evolves their codebase and adds encryption capabilities to enhance their stealthy cyberespionage activities.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://securelist.com/diceyf-deploys-gameplayerframework-in-online-casino-development-studio/107723/"
+        ]
+      },
+      "uuid": "46de4091-379f-478c-bb6d-5833e2047f15",
+      "value": "DiceyF"
     }
   ],
   "version": 293