[threat-actors] Add ShroudedSnooper

clusters/threat-actor.json

@@ -12610,6 +12610,17 @@
       },
       "uuid": "391573c5-9c21-4984-b6b8-97d42623d6cc",
       "value": "1937CN"
+    },
+    {
+      "description": "In September 2023, Cisco Talos identified a new malware family that it calls ‘HTTPSnoop’ being deployed against telecommunications providers in the Middle East. They also discovered a sister implant to 'HTTPSnoop,’ that they are naming ‘PipeSnoop,’ which can accept arbitrary shellcode from a named pipe and execute it on the infected endpoint. Based on these findings, the researchers assess with high confidence that both implants belong to a new intrusion set that it named ‘ShroudedSnooper.’",
+      "meta": {
+        "refs": [
+          "https://blog.talosintelligence.com/introducing-shrouded-snooper/",
+          "https://www.sentinelone.com/labs/the-israel-hamas-war-cyber-domain-state-sponsored-activity-of-interest/"
+        ]
+      },
+      "uuid": "3437c5a5-4c42-4665-99df-b17bc57a7ba6",
+      "value": "ShroudedSnooper"
     }
   ],
   "version": 292