From 74323acdfeaa681935328343e4200bfa5647fd38 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Fri, 15 Nov 2024 03:42:18 -0800
Subject: [PATCH] [threat-actors] Add SilkSpecter
---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 082a628..23541cd 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -17411,6 +17411,17 @@
 },
 "uuid": "9eeb11a0-3fcf-4036-844a-2500c72f8b69",
 "value": "TAG-112"
+ },
+ {
+ "description": "SilkSpecter is a Chinese financially motivated threat actor that orchestrates phishing campaigns targeting e-commerce shoppers, particularly during peak shopping seasons. They exploit legitimate payment processors like Stripe to exfiltrate Cardholder Data and Personally Identifiable Information through convincing fake e-commerce sites created using the oemapps SaaS platform. Their phishing infrastructure relies on Chinese-hosted CDN servers and utilizes deceptive elements such as the \"trusttollsvg\" icon and a \"/homeapi/collect\" endpoint to track victim interactions. Analysts have linked SilkSpecter to over 89 IP addresses and more than 4,000 domain names associated with phishing activities, predominantly using .top, .shop, .store, and .vip TLDs.",
+ "meta": {
+ "country": "CN",
+ "refs": [
+ "https://blog.eclecticiq.com/inside-intelligence-center-financially-motivated-chinese-threat-actor-silkspecter-targeting-black-friday-shoppers"
+ ]
+ },
+ "uuid": "0f4c942f-9491-4844-b782-4ee65033c7e0",
+ "value": "SilkSpecter"
 }
 ],
 "version": 320
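Review bot: The new entry's `meta` asserts `"country": "CN"` on the strength of a single vendor reference and records no `attribution-confidence`, so anyone correlating on this cluster cannot tell how firm the attribution is. Consider adding `"attribution-confidence": "<value>"` next to `country`, with the value chosen by the maintainers. The description also fixes point-in-time counts (over 89 IP addresses, more than 4,000 domains) that will drift from the referenced report as the infrastructure changes; noting the observation date in the text would keep it accurate. Separately, the trailing context line `"version": 320` is unchanged in this hunk, so unless the bump lands in a separate commit, tooling that compares cluster versions before re-importing may not pick up the new actor.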