From 5ce8aae89ef9aebd344b451f37a0791554baa839 Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Fri, 15 Mar 2019 15:04:29 +0100
Subject: [PATCH] add Operation Comando - hit version 100

---
 clusters/threat-actor.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index f15dfe6..70f379b 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -6620,7 +6620,17 @@
       },
       "uuid": "dc15f388-a353-4185-b28e-015745f708ba",
       "value": "SandCat"
+    },
+    {
+      "description": "Operation Comando is a pure cybercrime campaign, possibly with Brazilian origin, with a concrete and persistent focus on the hospitality sector, which proves how a threat actor can be successful in pursuing its objectives while maintaining a cheap budget. The use of DDNS services, publicly available remote access tools, and having a minimum knowledge on software development (in this case VB.NET) has been enough for running a campaign lasting month, and potentially gathering credit card information and other possible data. ",
+      "meta": {
+        "refs": [
+          "https://unit42.paloaltonetworks.com/operation-comando-or-how-to-run-a-cheap-and-effective-credit-card-business/"
+        ]
+      },
+      "uuid": "35c40ce2-57c0-479e-8a56-efbb8695e395",
+      "value": "Operation Comando"
     }
   ],
-  "version": 99
+  "version": 100
 }