From a3e9e8c9445ef95e1faa762d27d1673ca9a977f7 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Wed, 31 Jul 2024 02:14:11 -0700
Subject: [PATCH] [threat-actors] Add SAMBASPIDER

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 0af0755..a2e493d 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16480,6 +16480,17 @@
       },
       "uuid": "d1ad4392-c85a-4f07-9818-a86f805a49f6",
       "value": "Storm-0506"
+    },
+    {
+      "description": "SAMBASPIDER is a threat actor associated to the Mispadu malware. On July 24, USDoD allegedly scraped and leaked a 100,000-line Indicator of Compromise list from CrowdStrike, revealing detailed threat intelligence data. The leak, posted on Breach Forums, includes critical insights into the Mispadu malware and SAMBASPIDER threat actor.",
+      "meta": {
+        "refs": [
+          "https://hackread.com/hacker-scrapes-publishes-crowdstrike-ioc-list/",
+          "https://www.crowdstrike.com/blog/hacktivist-usdod-claims-to-have-leaked-threat-actor-list/"
+        ]
+      },
+      "uuid": "0b71d2db-93fe-49b5-a9fd-7f8c94b86637",
+      "value": "SAMBASPIDER"
     }
   ],
   "version": 312