From 6de7c0176d7935c3e5cfb1387979f2c26b03c250 Mon Sep 17 00:00:00 2001
From: Daniel Plohmann <plohmann@cs.uni-bonn.de>
Date: Thu, 25 Jan 2018 12:54:50 +0100
Subject: [PATCH] adding dark caracal

---
 clusters/threat-actor.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index d85ca336..123bc158 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2254,6 +2254,16 @@
           "https://cdn.securelist.com/files/2017/09/Microcin_Technical_4PDF_eng_final_s.pdf"
         ]
       }
+    },
+    {
+      "meta": {
+        "country": "LB",
+        "refs": [
+          "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf"
+        ]
+      },
+      "value": "Dark Caracal",
+      "description": "Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor, who at the time of writing is believed to be administered out of a building belonging to the Lebanese General Security Directorate in Beirut. At present, we have knowledge of hundreds of gigabytes of exfiltrated data, in 21+ countries, across thousands of victims. Stolen data includes enterprise intellectual property and personally identifiable information."
     }
   ],
   "name": "Threat actor",
@@ -2268,5 +2278,5 @@
   ],
   "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
   "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
-  "version": 30
+  "version": 31
 }