From 44d7b3e88f8a507b161cd0288171c135becf5516 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon
Date: Fri, 3 Nov 2023 19:02:12 +0100
Subject: [PATCH] [threat-actors] Add Metador
---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 31a073b..5808caa 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12299,6 +12299,17 @@
 },
 "uuid": "2031ae01-e962-4861-a224-0934af6cdd3a",
 "value": "YoroTrooper"
+ },
+ {
+ "description": "Metador primarily targets telecommunications, internet service providers, and universities in several countries in the Middle East and Africa. Metador’s attack chains are designed to bypass native security solutions while deploying malware platforms directly into memory. SentinelLabs researchers discovered variants of two long-standing Windows malware platforms, and indications of an additional Linux implant.",
+ "meta": {
+ "refs": [
+ "https://www.sentinelone.com/labs/the-mystery-of-metador-unpicking-mafaldas-anti-analysis-techniques/",
+ "https://www.sentinelone.com/labs/the-mystery-of-metador-an-unattributed-threat-hiding-in-telcos-isps-and-universities/"
+ ]
+ },
+ "uuid": "5d22315b-55ef-4d8a-86aa-00ba38057641",
+ "value": "Metador"
 }
 ],
 "version": 289
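Review bot: The trailing context line `"version": 289` is left unchanged even though the hunk adds a new cluster entry. If consumers of clusters/threat-actor.json decide whether to re-import based on that field, instances already at 289 may never pick up Metador, so consider `"version": 290` in the same commit unless the project bumps it at merge time. The description also mentions two Windows malware platforms and a Linux implant without naming them, while the first ref URL names Mafalda; naming the platforms in the description would let analysts correlate tool-level detections with this actor. The enclosing array starts and ends outside the hunk, so uniqueness of the new `uuid` and `value` cannot be checked from here.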