From 1c8d82cfcc6ca14791d2c3311181170449de19dc Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Wed, 14 Sep 2022 11:00:33 +0200
Subject: [PATCH] new: [threat-actor] hezb added

---
 clusters/threat-actor.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index a4ff9d4d..48fd6c6f 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -9725,7 +9725,17 @@
       },
       "uuid": "1bb64526-cc51-475a-b6bc-af30df9f2fb6",
       "value": "DangerousSavanna"
+    },
+    {
+      "description": "Hezb is a group deploying cryptominers when new exploit are available for public facing vulnerabilities. The name is after the miner process they deploy.",
+      "meta": {
+        "refs": [
+          "https://www.pwndefend.com/2022/06/04/cve-2022-26134-honeypot-payload-analysis-example/"
+        ]
+      },
+      "uuid": "fd82cd40-9306-4285-8fae-ad29a9711603",
+      "value": "Hezb"
     }
   ],
-  "version": 246
+  "version": 247
 }