[threat-actors] Add Aggressive Inventory Zombies

2025-01-18 10:36:17 +00:00 · 2024-12-20 02:55:34 -08:00 · 2024-12-20 02:55:34 -08:00 · 7a12bc29c8
commit 7a12bc29c8
parent 753cca049b
1 changed files with 13 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -17548,6 +17548,19 @@
      },
      "uuid": "b869c1dc-0cf8-4d8a-b5f3-5b90c557db1c",
      "value": "Anonymous KSA"
+    },
+    {
+      "description": "Aggressive Inventory Zombies is a threat actor involved in a large-scale phishing and pig-butchering network targeting retail brands and cryptocurrency users. They create fraudulent sites using a popular website template that scrapes product details from legitimate e-commerce platforms and integrate chat services for phishing. Financial ties to India have been identified, and collaboration with Stark Industries has led to the dismantling of parts of their infrastructure, revealing the network's breadth. AIZ is also linked to Entropy ransomware infections, which were preceded by detections of Cobalt Strike beacons and Dridex malware.",
+      "meta": {
+        "refs": [
+          "https://www.silentpush.com/blog/aiz-retail-crypto-phishing/"
+        ],
+        "synonyms": [
+          "AIZ"
+        ]
+      },
+      "uuid": "ceabe862-3d89-4696-9d7f-32a4850334d9",
+      "value": "Aggressive Inventory Zombies"
    }
  ],
  "version": 321