From 679a59e96d212f52b131d083aad5321b24dc72e5 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Fri, 26 Jul 2024 06:27:01 -0700
Subject: [PATCH] [threat-actors] Add Stargazer Goblin

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index ae20855..cf1cfe3 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16423,6 +16423,16 @@
       },
       "uuid": "9565bf78-7c9c-41cd-9ed0-58031f6d8978",
       "value": "UAC-0063"
+    },
+    {
+      "description": "Stargazer Goblin is a threat actor group that operates the Stargazers Ghost Network on GitHub, distributing malware and malicious links through multiple accounts. They utilize compromised and created accounts to evade detection and quickly replace banned components to continue their operations. The group has been estimated to have earned approximately $100,000 from their malicious activities, offering a Distribution as a Service platform for other threat actors to distribute their malware. Stargazer Goblin has been involved in distributing various malware families, including Atlantida Stealer, Rhadamanthys, RisePro, Lumma Stealer, and RedLine.",
+      "meta": {
+        "refs": [
+          "https://research.checkpoint.com/2024/stargazers-ghost-network/"
+        ]
+      },
+      "uuid": "a86e4a0d-95cf-4ce0-b26c-d1fbb7cc84bc",
+      "value": "Stargazer Goblin"
     }
   ],
   "version": 312