From 58e3e5f5d69e9482655c7265e726a1940b569d9c Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Fri, 4 May 2018 10:16:01 +0200
Subject: [PATCH] add ZooPark campaign

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b718a555..13b3926f 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2665,6 +2665,16 @@
         "synonyms": []
       },
       "uuid": "3dddc77e-a52a-466a-bf1c-1463e352077f"
+    },
+    {
+      "value": "ZooPark",
+      "description": "ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind ZooPark infect Android devices using several generations of malware we label from v1-v4, with v4 being the most recent version deployed in 2017.",
+      "meta": {
+        "refs": [
+          "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/05/03095519/ZooPark_for_public_final.pdf"
+        ]
+      },
+      "uuid": "4defbf2e-4f73-11e8-807f-578d61da7568"
     }
   ],
   "name": "Threat actor",