From c832066fa5fd9fb1644ef8d7047d16f123d5cd89 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Thu, 16 Nov 2023 07:10:19 -0800
Subject: [PATCH] [threat-actors] Add AppMilad

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index f1e98ed..afc5ec0 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13114,6 +13114,17 @@
       },
       "uuid": "a9f29636-26e4-42f0-95d1-7a49dd6f0a79",
       "value": "Earth Kitsune"
+    },
+    {
+      "description": "AppMilad is an Iranian hacking group that has been identified as the source of a spyware campaign called RatMilad. This spyware is designed to silently infiltrate victims' devices and gather personal and corporate information, including private communications and photos. The group has been distributing the spyware through fake apps and targeting primarily Middle Eastern enterprises.",
+      "meta": {
+        "country": "IR",
+        "refs": [
+          "https://zimpstage.wpengine.com/blog/we-smell-a-ratmilad-mobile-spyware/"
+        ]
+      },
+      "uuid": "e284c356-4b77-4f86-a8f2-7793cbe8662b",
+      "value": "AppMilad"
     }
   ],
   "version": 294