From 5b1af60db33997be350b2dc4d052d192fad07f53 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Thu, 2 Nov 2023 06:29:30 -0700
Subject: [PATCH] [threat-actors] Add Keksec
---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 942ea3b..f03852c 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12092,6 +12092,19 @@
 },
 "uuid": "79d0da59-9400-40f6-b72b-6c6f47354d59",
 "value": "Scarred Manticore"
+ },
+ {
+ "description": "The threat group behind EnemyBot, Keksec, is well-resourced and has the ability to update and add new capabilities to its arsenal of malware on a daily basis (see below for more detail on Keksec)",
+ "meta": {
+ "refs": [
+ "https://www.fortinet.com/blog/threat-research/enemybot-a-look-into-keksecs-latest-ddos-botnet",
+ "https://www.cybersecurity-insiders.com/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers-and-android-devices/?utm_source=rss&utm_medium=rss&utm_campaign=rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers-and-android-devices",
+ "https://blog.netlab.360.com/necro-upgrades-again-using-tor-dynamic-domain-dga-and-aiming-at-both-windows-linux/",
+ "https://blog.netlab.360.com/gafgtyt_tor-and-necro-are-on-the-move-again/"
+ ]
+ },
+ "uuid": "b01f7ed8-db75-45c7-ac7b-60aa4a1f7f4b",
+ "value": "Keksec"
 }
 ],
 "version": 288
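Review bot: The new `description` ends with "(see below for more detail on Keksec)", a leftover from the source article that points at nothing inside a cluster entry; drop the parenthetical and close the sentence, e.g. `"description": "The threat group behind EnemyBot, Keksec, is well-resourced and has the ability to update and add new capabilities to its arsenal of malware on a daily basis."`. The second entry in `refs` still carries its `?utm_source=rss&utm_medium=rss&utm_campaign=…` tracking query; storing the URL without it gives consumers that deduplicate or correlate on reference URLs one canonical value. `"version": 288` appears only as unchanged context, so if downstream tooling relies on that field to detect cluster updates, it probably needs a bump alongside the new entry.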