From 44c270e9dcf40eb7c712cf81eb3f193b282fe10d Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Fri, 1 Dec 2023 16:21:53 -0800
Subject: [PATCH] [threat-actors] Add ScamClub
---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 9b80942..8b56512 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13614,6 +13614,17 @@
 },
 "uuid": "f0bb3d3a-c012-4d12-b621-51192977f190",
 "value": "TunnelSnake"
+ },
+ {
+ "description": "ScamClub is a threat actor involved in malvertising activities since 2018. They target the Mobile Web market segment, particularly on iOS devices, where security software is often lacking. ScamClub utilizes obfuscation techniques and real-time bidding integration with ad exchanges to push malicious JavaScript payloads, leading to forced redirects and various scams such as phishing and gift card scams.",
+ "meta": {
+ "refs": [
+ "https://blog.confiant.com/exploring-scamclub-payloads-via-deobfuscation-using-abstract-syntax-trees-65ef7f412537",
+ "https://www.malwarebytes.com/blog/threat-intelligence/2023/11/associated-press-espn-cbs-among-top-sites-serving-fake-virus-alerts"
+ ]
+ },
+ "uuid": "dae45b1c-f957-4242-aa5b-f36b08994bad",
+ "value": "ScamClub"
 }
 ],
 "version": 295
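Review bot: The cluster's `"version": 295` appears only as unchanged context on the last line of the hunk, so this commit adds the ScamClub entry without bumping the version. If consumers of threat-actor.json use that field to decide whether to re-import the cluster (worth confirming for this project), the new actor would not reach deployed instances until a later change bumps it. The fix would be `"version": 296`, unless a follow-up commit in the same series already does this. Separately, whether the UUID `dae45b1c-f957-4242-aa5b-f36b08994bad` and the value `ScamClub` are unique across the file cannot be checked from this hunk, so a duplicate check over the whole cluster is worth running before merge.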