From ecf246a103184db303e54a62b37052d8c4658de8 Mon Sep 17 00:00:00 2001
From: jstnk9
Date: Fri, 24 May 2024 09:39:04 +0200
Subject: [PATCH] Update threat-actor.json
---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index a2ba1b3..4d43853 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8967,6 +8967,19 @@
 {
 "description": "An actor mainly targeting Pakistan military targets, active since at least 2012. We have low confidence that this malware might be authored by an Indian company. To spread the malware, they use unique implementations to leverage the exploits of known vulnerabilities (such as CVE-2017-11882) and later deploy a Powershell payload in the final stages.",
 "meta": {
+ "country": "IN",
+ "cfr-suspected-state-sponsor": "India",
+ "cfr-suspected-victims": [
+ "China",
+ "Pakistan",
+ "Nepal",
+ "Afghanistan"
+ ],
+ "cfr-target-category": [
+ "Government",
+ "Military",
+ "Private Sector"
+ ],
 "refs": [
 "https://securelist.com/apt-trends-report-q1-2018/85280/",
 "https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/",
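Review bot: The added `"country": "IN"` and `"cfr-suspected-state-sponsor": "India"` state the attribution as a plain fact, while the `description` on the same entry says only "We have low confidence that this malware might be authored by an Indian company". Consumers that enrich alerts or tag events from `meta.country` will not see that caveat. If the cluster schema has a confidence field (for example `"attribution-confidence"`), set it to a low value alongside these keys. The `cfr-*` values look like they were taken from an external tracker, but neither of the two `refs` URLs visible here is such a source, so please add the page they came from to `refs`. The `refs` array and the enclosing object continue past the end of the hunk, so such a reference may already be present further down. As a style point, `"country"` sits before the `cfr-*` keys, so if the repository normalises `meta` keys alphabetically it belongs after `"cfr-target-category"`.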