[threat-actors] Add Stargazer Goblin

MISP · Jul 26, 2024 · 679a59e · 679a59e
1 parent 747a7b4
commit 679a59e
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
@@ -16423,6 +16423,16 @@
       },
       "uuid": "9565bf78-7c9c-41cd-9ed0-58031f6d8978",
       "value": "UAC-0063"
+    },
+    {
+      "description": "Stargazer Goblin is a threat actor group that operates the Stargazers Ghost Network on GitHub, distributing malware and malicious links through multiple accounts. They utilize compromised and created accounts to evade detection and quickly replace banned components to continue their operations. The group has been estimated to have earned approximately $100,000 from their malicious activities, offering a Distribution as a Service platform for other threat actors to distribute their malware. Stargazer Goblin has been involved in distributing various malware families, including Atlantida Stealer, Rhadamanthys, RisePro, Lumma Stealer, and RedLine.",
+      "meta": {
+        "refs": [
+          "https://research.checkpoint.com/2024/stargazers-ghost-network/"
+        ]
+      },
+      "uuid": "a86e4a0d-95cf-4ce0-b26c-d1fbb7cc84bc",
+      "value": "Stargazer Goblin"
     }
   ],
   "version": 312