[threat-actors] Add ScamClub

This commit is contained in:
Mathieu4141 2023-12-01 16:21:53 -08:00
parent 6c2cb8979f
commit 44c270e9dc

View file

@ -13614,6 +13614,17 @@
}, },
"uuid": "f0bb3d3a-c012-4d12-b621-51192977f190", "uuid": "f0bb3d3a-c012-4d12-b621-51192977f190",
"value": "TunnelSnake" "value": "TunnelSnake"
},
{
"description": "ScamClub is a threat actor involved in malvertising activities since 2018. They target the Mobile Web market segment, particularly on iOS devices, where security software is often lacking. ScamClub utilizes obfuscation techniques and real-time bidding integration with ad exchanges to push malicious JavaScript payloads, leading to forced redirects and various scams such as phishing and gift card scams.",
"meta": {
"refs": [
"https://blog.confiant.com/exploring-scamclub-payloads-via-deobfuscation-using-abstract-syntax-trees-65ef7f412537",
"https://www.malwarebytes.com/blog/threat-intelligence/2023/11/associated-press-espn-cbs-among-top-sites-serving-fake-virus-alerts"
]
},
"uuid": "dae45b1c-f957-4242-aa5b-f36b08994bad",
"value": "ScamClub"
} }
], ],
"version": 295 "version": 295