From 2cf8b058bb810afa64bafd284ffa8a07a19d0d97 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Wed, 17 Apr 2024 10:09:08 -0700
Subject: [PATCH] [threat-actors] Add Bignosa

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 1f09729..795b531 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15560,6 +15560,17 @@
       },
       "uuid": "21ad5aad-0a55-457d-b94d-3b4565e82e0a",
       "value": "CyberNiggers"
+    },
+    {
+      "description": "Bignosa is a threat actor known for launching malware campaigns targeting Australian and US organizations using phishing emails with disguised Agent Tesla attachments protected by Cassandra Protector. They compromised servers by installing Plesk and RoundCube, connected via SSH and RDP, and used advanced obfuscation methods to evade detection. Bignosa collaborated with another cybercriminal named Gods, who provided advice and assistance in their malicious activities. The actor has been linked to multiple phishing attacks and malware distribution campaigns, showcasing a high level of sophistication in their operations.",
+      "meta": {
+        "country": "KE",
+        "refs": [
+          "https://research.checkpoint.com/2024/agent-tesla-targeting-united-states-and-australia/"
+        ]
+      },
+      "uuid": "07232925-bd1b-49a9-adca-46536ff6fdd8",
+      "value": "Bignosa"
     }
   ],
   "version": 305