From a20a8efd28ccbf92ffedd40fb1a06aa86cf6f90b Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Fri, 20 Dec 2024 02:55:34 -0800
Subject: [PATCH] [threat-actors] Add FunkSec

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index f43813c..8942b0a 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -17514,6 +17514,16 @@
       },
       "uuid": "48e2e297-55bd-4a6f-9c72-bc10ed06afa1",
       "value": "Massgrave"
+    },
+    {
+      "description": "Funksec is a newly identified extortion group that has claimed 11 victims across various sectors, including media, IT, and education, operating a Tor-based DLS to centralize its ransomware activities. The group advertises a free DDoS tool and may develop its own ransomware binary, indicating significant technical capability. The DLS was likely created in late November to early December 2024, with the first advertisement titled “Funksec Ransomware” posted on 3 December 2024. Currently, there is limited publicly available information on Funksec's TTPs, and it is not known to be associated with any other threat groups.",
+      "meta": {
+        "refs": [
+          "https://www.cyjax.com/resources/blog/take-me-down-to-funksec-town-funksec-ransomware-dls-emergence/"
+        ]
+      },
+      "uuid": "052519d2-1a4f-49d1-abe6-baffce51fedb",
+      "value": "FunkSec"
     }
   ],
   "version": 321