diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 39e2c8d..87259aa 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -16068,6 +16068,16 @@ }, "uuid": "1bd2034f-a135-4c71-b08f-867b7f9e7998", "value": "SEXi" + }, + { + "description": "LilacSquid is an APT actor targeting a variety of industries worldwide since at least 2021. They use tactics such as exploiting vulnerabilities and compromised RDP credentials to gain access to victim organizations. Their post-compromise activities involve deploying MeshAgent and a customized version of QuasarRAT known as PurpleInk to maintain control over infected systems. LilacSquid has been observed using tools like Secure Socket Funneling for data exfiltration.", + "meta": { + "refs": [ + "https://blog.talosintelligence.com/lilacsquid/" + ] + }, + "uuid": "efacc258-fa0e-4686-99d2-03bab14a640e", + "value": "LilacSquid" } ], "version": 310