From 640018599ab4cd6ccf28cd09143675251a7dc382 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Wed, 17 Apr 2024 10:09:09 -0700
Subject: [PATCH] [threat-actors] Add Starry Addax
---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 019ddc0..b6344b5 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15632,6 +15632,16 @@
 },
 "uuid": "edd85e27-9d05-4bc7-9b2b-5422e909336a",
 "value": "Earth Hundun"
+ },
+ {
+ "description": "Starry Addax is a threat actor targeting human rights activists associated with the Sahrawi Arab Democratic Republic using a novel mobile malware called FlexStarling. They conduct phishing attacks to trick targets into installing malicious Android applications and serve credential-harvesting pages to Windows-based targets. Their infrastructure targets both Windows and Android users, with the campaign starting with spear-phishing emails containing requests to install specific mobile apps or related themes. The campaign is in its early stages, with potential for additional malware variants and infrastructure development.",
+ "meta": {
+ "refs": [
+ "https://blog.talosintelligence.com/starry-addax/"
+ ]
+ },
+ "uuid": "579fde0d-0840-4e49-ad62-405ce338f5a6",
+ "value": "Starry Addax"
 }
 ],
 "version": 305
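Review bot: The trailing context line `"version": 305` is left unchanged although a new cluster is added just above it, so a consumer that only re-imports a galaxy when its version number increases may never load the Starry Addax entry. Unless the bump is made in a later commit of the same series, that line should become `"version": 306`. Separately, the new object's `meta` holds only `refs`, while the description already names the targeting (Sahrawi human rights activists, Android and Windows users) and the FlexStarling malware. Recording the victims in the galaxy's structured meta keys (for example `cfr-suspected-victims` or `cfr-target-category`, if this file's other entries use them) would let analysts filter and correlate on those fields instead of parsing free text. The enclosing array and top-level object begin outside the hunk, so the rest of the file's conventions cannot be checked from here.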