From 9c0f18e9b9475ae76bd3fa3690f563169c2272f2 Mon Sep 17 00:00:00 2001 From: Mathieu Beligon Date: Wed, 29 Nov 2023 11:28:37 -0800 Subject: [PATCH] [threat-actors] Add MalKamak --- clusters/threat-actor.json | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 7a52ac8..0fb8af9 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -13526,6 +13526,17 @@ }, "uuid": "e06e1bcd-7da2-4732-934a-9fa1efa427ad", "value": "Blacktail" + }, + { + "description": "MalKamak is an Iranian threat actor that has been operating since at least 2018. They have been involved in highly targeted cyber espionage campaigns against global aerospace and telecommunications companies. MalKamak utilizes a sophisticated remote access Trojan called ShellClient, which evades antivirus tools and uses cloud services like Dropbox for command and control.", + "meta": { + "country": "IR", + "refs": [ + "https://www.cybereason.com/blog/research/operation-ghostshell-novel-rat-targets-global-aerospace-and-telecoms-firms" + ] + }, + "uuid": "4915bfa3-5f0a-48ec-8ed5-bcd878cba504", + "value": "MalKamak" } ], "version": 295