From 33ff650327f3ff17d1c6081e90ca8648b0cad4e2 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon <mathieu@feedly.com>
Date: Fri, 10 Feb 2023 14:14:28 -0800
Subject: [PATCH] [threat-actors] Add more information about NoName057(16)

---
 clusters/threat-actor.json | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index d7a71f84..71a17312 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -9776,11 +9776,14 @@
       "description": "NoName057(16) is performing DDoS attacks on websites belonging to governments, news agencies, armies, suppliers, telecommunications companies, transportation authorities, financial institutions, and more in Ukraine and neighboring countries supporting Ukraine, like Ukraine itself, Estonia, Lithuania, Norway, and Poland.",
       "meta": {
         "cfr-suspected-victims": [
-          "Ukraine",
+          "Czech Republic",
+          "Denmark",
           "Estonia",
           "Lithuania",
+          "NATO",
           "Norway",
-          "Poland"
+          "Poland",
+          "Ukraine"
         ],
         "cfr-target-category": [
           "Financial",
@@ -9793,7 +9796,15 @@
           "Denial of service"
         ],
         "refs": [
-          "https://decoded.avast.io/martinchlumecky/bobik/"
+          "https://decoded.avast.io/martinchlumecky/bobik/",
+          "https://www.sentinelone.com/labs/noname05716-the-pro-russian-hacktivist-group-targeting-nato/",
+          "https://www.gov.pl/web/special-services/russian-cyberattacks"
+        ],
+        "synonyms": [
+          "NoName057",
+          "NoName05716",
+          "05716nnm",
+          "Nnm05716"
         ]
       },
       "uuid": "e62937d0-dec6-4c39-a836-e43b1d138df4",
@@ -9994,5 +10005,5 @@
       "value": "Malteiro"
     }
   ],
-  "version": 257
+  "version": 258
 }