From 56f990d1005239a096bd4ad6b5c9952b89d363ed Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Tue, 7 Nov 2023 10:37:08 -0800
Subject: [PATCH] [threat-actors] Add BlueBottle
---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 4c06eec..e1884a0 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12787,6 +12787,16 @@
 },
 "uuid": "83764206-8012-47c6-9c7a-dc04c99559e7",
 "value": "Xcatze"
+ },
+ {
+ "description": "Bluebottle, a cyber-crime group that specializes in targeted attacks against the financial sector, is continuing to mount attacks on banks in Francophone countries. The group makes extensive use of living off the land, dual-use tools, and commodity malware, with no custom malware deployed in this campaign.",
+ "meta": {
+ "refs": [
+ "http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa"
+ ]
+ },
+ "uuid": "87f1ab70-a102-4566-a09e-838b39c18a62",
+ "value": "BlueBottle"
 }
 ],
 "version": 293
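Review bot: The new entry's `value` is spelled "BlueBottle" while its own description and the slug of the cited report spell the name "Bluebottle"; if consumers match or tag on `value`, as is usual for these clusters, the casing should follow the source, `"value": "Bluebottle"`, so that lookups and correlation against the vendor name do not miss or duplicate the actor. The single entry in `refs` is recorded with an `http://` scheme, so an analyst following it from a threat-intel platform starts on an unauthenticated connection; prefer `"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa"`. The trailing context also shows `"version": 293` unchanged, so if downstream instances rely on that number to detect cluster updates, it presumably needs a bump here or in a follow-up commit.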