From cd532724700df0c0fa7163cc9858da238261bae6 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Tue, 3 Jul 2018 11:16:19 +0200
Subject: [PATCH] chg: RANCOR group added
---
 clusters/threat-actor.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 943706b5..b8786e06 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2711,6 +2711,16 @@
 ]
 },
 "uuid": "1533bc1a-745a-11e8-90e3-efa3e975fef3s"
+ },
+ {
+ "value": "RANCOR",
+ "description": "The Rancor group’s attacks use two primary malware families which we describe in depth later in this blog and are naming DDKONG and PLAINTEE. DDKONG is used throughout the campaign and PLAINTEE appears to be new addition to these attackers’ toolkit.",
+ "meta": {
+ "refs": [
+ "https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/"
+ ]
+ },
+ "uuid": "14e7266a-6dd8-4000-8951-4bd93e357d4b"
 }
 ],
 "name": "Threat actor",
@@ -2725,5 +2735,5 @@
 ],
 "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
 "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
- "version": 43
+ "version": 44
 }
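Review bot: The `description` of the added RANCOR entry is pasted verbatim from the referenced blog post, so it keeps phrases that only make sense there ("which we describe in depth later in this blog and are naming") and a dropped article ("appears to be new addition"). Since the entry is read outside the blog's context, a self-contained sentence would serve analysts better, for example `"description": "Rancor is a group reported by Unit 42 that uses two primary malware families, DDKONG and PLAINTEE, in targeted attacks in South East Asia."`. Separately, the context line just above the addition shows the neighbouring entry's uuid as `1533bc1a-745a-11e8-90e3-efa3e975fef3s`, which carries a trailing `s` and is not a well-formed UUID. This commit does not touch that line, but consumers that validate or key on UUIDs may reject or mis-link that entry, so it is worth correcting in a follow-up.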