From a944be0d25a689c4a99f7cfe52eb3c53e919ed11 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Mon, 15 Jul 2024 08:06:23 -0700
Subject: [PATCH] [threat-actors] Add CRYSTALRAY

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index d970464d..83885f59 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16368,6 +16368,16 @@
       },
       "uuid": "df584835-97da-4e27-ab35-bcd3c5bf7815",
       "value": "Void Banshee"
+    },
+    {
+      "description": "CRYSTALRAY is a threat actor known for leveraging open source tools like zmap and SSH-Snake to conduct widespread vulnerability scanning and exploitation. They target victims to collect and sell credentials, deploy cryptominers, and maintain persistence in compromised environments. CRYSTALRAY uses multiple backdoors to control access and spreads through victim networks using SSH-Snake. The actor also uses tools like Platypus for managing victims and extracting sensitive information from compromised systems.",
+      "meta": {
+        "refs": [
+          "https://sysdig.com/blog/crystalray-rising-threat-actor-exploiting-oss-tools/"
+        ]
+      },
+      "uuid": "feeab818-a9bd-4bff-9923-bf8421abd6c5",
+      "value": "CRYSTALRAY"
     }
   ],
   "version": 312