From 240a757826ef6870c8d09ea6c943ba606269f661 Mon Sep 17 00:00:00 2001
From: Daniel Plohmann <daniel.plohmann@mailbox.org>
Date: Wed, 13 Jul 2022 10:02:07 +0200
Subject: [PATCH] Update threat-actor.json

adding Predatory Sparrow due to recent events.
---
 clusters/threat-actor.json | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 5dd0a538..5e8eb7bc 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -9569,7 +9569,31 @@
       },
       "uuid": "3c5129ea-8f18-4bcf-a33b-b5aab0720494",
       "value": "POLONIUM"
+    },
+    {
+      "description": "A self-proclaimed hacktivist group that carried out attacks against Iranian railway systems and against Iranian steel plants.",
+      "meta": {
+        "cfr-suspected-victims": [
+          "Iran"
+        ],
+        "cfr-target-category": [
+          "Critical manufacturing",
+          "Transportation systems"
+        ],
+        "cfr-type-of-incident": "Sabotage",
+        "refs": [
+          "https://www.bbc.com/news/technology-62072480",
+          "https://twitter.com/_cpresearch_/status/1541753913732366338",
+          "https://research.checkpoint.com/2021/indra-hackers-behind-recent-attacks-on-iran/"
+        ],
+        "synonyms": [
+          "Indra",
+          "Gonjeshke Darande"
+        ]
+      },
+      "uuid": "e665ac2f-87b4-4c2e-bef7-78bf0a8af87b",
+      "value": "Predatory Sparrow"
     }
   ],
-  "version": 230
+  "version": 231
 }