From b0cd884afcb6b477f34ac1a5dd1e4172baf6df0f Mon Sep 17 00:00:00 2001
From: Delta-Sierra
Date: Fri, 18 Feb 2022 10:54:25 +0100
Subject: [PATCH] add TA2541
---
 clusters/threat-actor.json | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index d989a09..2b90fdf 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8938,7 +8938,15 @@
 },
 "uuid": "8482f350-867c-11ec-a8a3-0242ac120002",
 "value": "Antlion"
- }
- ],
- "version": 211
+ },
+{
+ "value": "TA2541",
+ "description": "Persistent cybercrime threat actor targeting aviation, aerospace, transportation, manufacturing, and defense industries for years. This threat actor consistently uses remote access trojans (RATs) that can be used to remotely control compromised machines. This threat actor uses consistent themes related to aviation, transportation, and travel. The threat actor has used similar themes and targeting since 2017.",
+ "meta": {
+ "refs": [
+ "https://www.proofpoint.com/us/blog/threat-insight/charting-ta2541s-flight"
+ ] }
+}
+ ],
+ "version": 212
 }
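Review bot: The added TA2541 object has no `"uuid"` member, while the Antlion entry directly above it in this hunk carries one (`"uuid": "8482f350-…"`). If consumers key clusters, relationships and de-duplication on that identifier, as the neighbouring entry suggests, this actor cannot be referenced stably and may be rejected or duplicated on import. I would add a freshly generated value next to `"value"`, e.g. `"uuid": "<NEW-UUID-PLACEHOLDER>"`, never one copied from another entry. The new object also opens and closes at column 0 (`+{`, `+}`) and lists `"value"` first, whereas the existing entry ends with `"uuid"` then `"value"`. Running the file through the project's usual JSON formatter before merging would keep later diffs on this file small and reviewable.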