From 9c02509a282607feada4f7986d5c8e3819f6a7de Mon Sep 17 00:00:00 2001
From: Mathieu Beligon <mathieu@feedly.com>
Date: Wed, 29 Nov 2023 11:28:37 -0800
Subject: [PATCH] [threat-actors] Add WildCard

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index be56889..ee8df94 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13579,6 +13579,16 @@
       },
       "uuid": "99d188cf-31e5-440d-a114-297cb2242d73",
       "value": "Red-Lili"
+    },
+    {
+      "description": "Wildcard is a threat actor that initially targeted Israel's educational sector with the SysJoker malware. They have since expanded their operations and developed additional malware variants, disguised as legitimate software, including one written in the Rust programming language called RustDown. Their precise identity remains unknown, but they have shown advanced capabilities and a focus on critical sectors within Israel.",
+      "meta": {
+        "refs": [
+          "https://intezer.com/blog/research/wildcard-evolution-of-sysjoker-cyber-threat/"
+        ]
+      },
+      "uuid": "dc8a7137-f56e-41db-a500-920e69fa29f5",
+      "value": "WildCard"
     }
   ],
   "version": 295