From 44d7b3e88f8a507b161cd0288171c135becf5516 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon <mathieu@feedly.com>
Date: Fri, 3 Nov 2023 19:02:12 +0100
Subject: [PATCH] [threat-actors] Add Metador

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 31a073b..5808caa 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12299,6 +12299,17 @@
       },
       "uuid": "2031ae01-e962-4861-a224-0934af6cdd3a",
       "value": "YoroTrooper"
+    },
+    {
+      "description": "Metador primarily targets telecommunications, internet service providers, and universities in several countries in the Middle East and Africa. Metador’s attack chains are designed to bypass native security solutions while deploying malware platforms directly into memory. SentinelLabs researchers discovered variants of two long-standing Windows malware platforms, and indications of an additional Linux implant.",
+      "meta": {
+        "refs": [
+          "https://www.sentinelone.com/labs/the-mystery-of-metador-unpicking-mafaldas-anti-analysis-techniques/",
+          "https://www.sentinelone.com/labs/the-mystery-of-metador-an-unattributed-threat-hiding-in-telcos-isps-and-universities/"
+        ]
+      },
+      "uuid": "5d22315b-55ef-4d8a-86aa-00ba38057641",
+      "value": "Metador"
     }
   ],
   "version": 289