From 7a12bc29c80abec6895739b27b57484d121ed971 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Fri, 20 Dec 2024 02:55:34 -0800
Subject: [PATCH] [threat-actors] Add Aggressive Inventory Zombies

---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 1d45d5f..cb58587 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -17548,6 +17548,19 @@
       },
       "uuid": "b869c1dc-0cf8-4d8a-b5f3-5b90c557db1c",
       "value": "Anonymous KSA"
+    },
+    {
+      "description": "Aggressive Inventory Zombies is a threat actor involved in a large-scale phishing and pig-butchering network targeting retail brands and cryptocurrency users. They create fraudulent sites using a popular website template that scrapes product details from legitimate e-commerce platforms and integrate chat services for phishing. Financial ties to India have been identified, and collaboration with Stark Industries has led to the dismantling of parts of their infrastructure, revealing the network's breadth. AIZ is also linked to Entropy ransomware infections, which were preceded by detections of Cobalt Strike beacons and Dridex malware.",
+      "meta": {
+        "refs": [
+          "https://www.silentpush.com/blog/aiz-retail-crypto-phishing/"
+        ],
+        "synonyms": [
+          "AIZ"
+        ]
+      },
+      "uuid": "ceabe862-3d89-4696-9d7f-32a4850334d9",
+      "value": "Aggressive Inventory Zombies"
     }
   ],
   "version": 321