From 9ced077269b18c8988cda5fa2bd9ccee4675e33e Mon Sep 17 00:00:00 2001 From: Mathieu4141 Date: Thu, 2 Nov 2023 05:17:14 -0700 Subject: [PATCH] [threat-actors] Add Scarred Manticore --- clusters/threat-actor.json | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index fc47ca3..336e826 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -11959,6 +11959,17 @@ ], "uuid": "32eebd31-5e0f-4fb9-b478-26ff4e48aaf4", "value": "AtlasCross" + }, + { + "description": "Scarred Manticore has been pursuing high-value targets for years, utilizing a variety of IIS-based backdoors to attack Windows servers. These include a variety of custom web shells, custom DLL backdoors, and driver-based implants.", + "meta": { + "refs": [ + "https://research.checkpoint.com/2023/from-albania-to-the-middle-east-the-scarred-manticore-is-listening/" + ], + "country": "IR" + }, + "uuid": "79d0da59-9400-40f6-b72b-6c6f47354d59", + "value": "Scarred Manticore" } ], "version": 285