From 798cebc970690a278200d3c9253ff76e75ba4c72 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon
Date: Tue, 7 Nov 2023 14:47:12 +0100
Subject: [PATCH] [threat-actors] Add ShroudedSnooper
---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b9ff09d..4928f12 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12610,6 +12610,17 @@
 },
 "uuid": "391573c5-9c21-4984-b6b8-97d42623d6cc",
 "value": "1937CN"
+ },
+ {
+ "description": "In September 2023, Cisco Talos identified a new malware family that it calls ‘HTTPSnoop’ being deployed against telecommunications providers in the Middle East. They also discovered a sister implant to 'HTTPSnoop,’ that they are naming ‘PipeSnoop,’ which can accept arbitrary shellcode from a named pipe and execute it on the infected endpoint. Based on these findings, the researchers assess with high confidence that both implants belong to a new intrusion set that it named ‘ShroudedSnooper.’",
+ "meta": {
+ "refs": [
+ "https://blog.talosintelligence.com/introducing-shrouded-snooper/",
+ "https://www.sentinelone.com/labs/the-israel-hamas-war-cyber-domain-state-sponsored-activity-of-interest/"
+ ]
+ },
+ "uuid": "3437c5a5-4c42-4665-99df-b17bc57a7ba6",
+ "value": "ShroudedSnooper"
 }
 ],
 "version": 292
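Review bot: The cluster `"version": 292` at the end of the hunk is a context line, and the diffstat confirms 11 insertions and no modifications, so the new entry ships without a version bump; if downstream MISP instances decide whether to refresh a galaxy by comparing this field (as they typically do), the ShroudedSnooper entry will not propagate until someone bumps it, so change it to `"version": 293`. The `meta` object carries only `refs`; the description itself establishes a target sector and region (telecommunications providers in the Middle East) that could be expressed in the structured fields other entries in this file presumably use for targeting, and the two implant names (HTTPSnoop, PipeSnoop) would be worth recording as related tool names or a `related` link if matching malware-cluster entries exist — verify against the file's existing entries before adding. The description cites only the Talos research, yet the second reference is a SentinelOne post on Israel-Hamas cyber activity; a sentence stating what that source adds (and whether it makes any further attribution claim) would let analysts judge why it is attached. Finally the description mixes a straight apostrophe with a curly closing quote in `'HTTPSnoop,’` and switches between "it" and "they" for Cisco Talos; normalising to one quote style and one pronoun would be a wording-only cleanup.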