From 74ff4b957a05772388e9448318385470e1997cbc Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Tue, 30 Oct 2018 13:28:27 +0100
Subject: [PATCH] add Operation EvilTraffic

---
 clusters/threat-actor.json | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 2534fbf..07f542d 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -5983,7 +5983,18 @@
       },
       "uuid": "d5e90854-d5c9-11e8-98b9-1f98eb80d30a",
       "value": "The Shadow Brokers"
+    },
+    {
+      "value" : "EvilTraffic",
+      "description": "Malware experts at CSE Cybsec uncovered a massive malvertising campaign dubbed EvilTraffic leveraging tens of thousands compromised websites. Crooks exploited some CMS vulnerabilities to upload and execute arbitrary PHP pages used to generate revenues via advertising.",
+      "meta": {
+        "refs": [
+          "http://securityaffairs.co/wordpress/68059/cyber-crime/eviltraffic-malvertising-campaign.html",
+          "http://csecybsec.com/download/zlab/20180121_CSE_Massive_Malvertising_Report.pdf"
+        ]
+      },
+      "uuid": "c2d5a052-dc30-11e8-9643-d76f3b9c94fa"
     }
   ],
-  "version": 75
+  "version": 76
 }