From 98db303047030408a1195e6f490ed910babe54ef Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Tue, 10 Jul 2018 08:49:00 +0200
Subject: [PATCH] chg: [threat-actor] The Big Bang campaign/group added
---
 clusters/threat-actor.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 0a31ff7..a500a71 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2801,6 +2801,16 @@
 ]
 },
 "uuid": "79c7c7e0-79d5-11e8-9b9c-1ff96be20c0b"
+ },
+ {
+ "value": "The Big Bang",
+ "description": "While it is not clear exactly what the attacker is looking for, what is clear is that once he finds it, a second stage of the attack awaits, fetching additional modules and/or malware from the Command and Control server. This then is a surveillance attack in progress and has been dubbed ‘Big Bang’ due to the attacker’s fondness for the ‘Big Bang Theory’ TV show, after which some of the malware’s modules are named.",
+ "meta": {
+ "refs": [
+ "https://research.checkpoint.com/apt-attack-middle-east-big-bang/",
+ "https://blog.talosintelligence.com/2017/06/palestine-delphi.html"
+ ]
+ }
 }
 ],
 "name": "Threat actor",
@@ -2815,5 +2825,5 @@
 ],
 "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
 "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
- "version": 44
+ "version": 45
 }
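Review bot: The new "The Big Bang" object in the first hunk is added without a `uuid` key, although the entry directly above it ends with one (`"uuid": "79c7c7e0-79d5-11e8-9b9c-1ff96be20c0b"`). Anything that links, tags or de-duplicates clusters by UUID would presumably have no stable handle for this entry, so correlations built on it could break if the `value` is later renamed or merged with a synonym. I would add a freshly generated identifier after the `meta` object, e.g. `"uuid": "<newly-generated-uuid>"` (placeholder, not a real value). The description also starts mid-narrative from the vendor write-up; an opening sentence that names the group or campaign would let the entry be read on its own. The enclosing array starts outside the hunk.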