From c9fd60d14bb9a05e177cab3086a539129d9cbc19 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Wed, 14 Nov 2018 20:46:06 +0100
Subject: [PATCH] chg: [threat-actor] INDRIK SPIDER added
---
 clusters/threat-actor.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index df550bf..baccfd3 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -6012,7 +6012,17 @@
 },
 "uuid": "dce617eb-a3b6-4a9a-bd76-575c424f9761",
 "value": "HookAds"
+ },
+ {
+ "description": "INDRIK SPIDER is a sophisticated eCrime group that has been operating Dridex since June 2014. In 2015 and 2016, Dridex was one of the most prolific eCrime banking trojans on the market and, since 2014, those efforts are thought to have netted INDRIK SPIDER millions of dollars in criminal profits. Throughout its years of operation, Dridex has received multiple updates with new modules developed and new anti-analysis features added to the malware.",
+ "meta": {
+ "refs": [
+ "https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/"
+ ]
+ },
+ "uuid": "658314bc-3bb8-48d2-913a-c528607b75c8",
+ "value": "INDRIK SPIDER"
 }
 ],
- "version": 78
+ "version": 79
 }
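Review bot: The `description` of the new INDRIK SPIDER entry covers only the Dridex banking-trojan activity, while the URL slug of its single `meta.refs` link names a shift "from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware". An analyst pivoting from a BitPaymer detection would therefore not reach this cluster by text search. Consider appending one sentence to `description`, worded from the referenced post, that names the BitPaymer ransomware activity. The new `meta` object holds only `refs`; if other actors in this file record vendor aliases under `synonyms` (not visible in this hunk), confirm whether any apply here. It is also worth checking that the new `uuid` is unique across the file, since the hunk shows only the neighbouring HookAds entry.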