From b61a0a60a2b354a22db8ba92b1117d3b612b39fe Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Mon, 22 Jan 2024 10:01:13 -0800
Subject: [PATCH] [threat-actors] Add Caliente Bandits

---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 02df590..585d6c2 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14081,6 +14081,19 @@
       },
       "uuid": "a9f894c6-70ab-4174-b470-5999fe93d4f3",
       "value": "Cyber Partisans"
+    },
+    {
+      "description": "Caliente Bandits is a highly active threat group that targets multiple industries, including finance and entertainment. They distribute the Bandook remote access trojan using Spanish-language lures through low-volume email campaigns. The group primarily impacts individuals with Spanish surnames and conducts reconnaissance to obtain employee data. They masquerade as companies in South America and use Hotmail or Gmail email addresses.",
+      "meta": {
+        "refs": [
+          "https://www.proofpoint.com/us/blog/threat-insight/new-threat-actor-uses-spanish-language-lures-distribute-seldom-observed-bandook"
+        ],
+        "synonyms": [
+          "TA2721"
+        ]
+      },
+      "uuid": "6a77a337-bfa0-416c-8c06-1d489d0d6838",
+      "value": "Caliente Bandits"
     }
   ],
   "version": 297