[threat-actors] Add OldGremlin

2024-11-22 23:07:19 +00:00 · 2023-11-20 09:29:06 -08:00 · 2023-11-20 09:29:06 -08:00 · c4142b2ee7
commit c4142b2ee7
parent a08311c5f1
1 changed files with 13 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -13304,6 +13304,19 @@
      },
      "uuid": "aca6b3d2-1c3b-4674-9de8-975e35723bcf",
      "value": "TiltedTemple"
+    },
+    {
+      "description": "OldGremlin is a Russian-speaking ransomware group that has been active for several years. They primarily target organizations in Russia, including banks, logistics, industrial, insurance, retail, and IT companies. OldGremlin is known for using phishing emails as an initial infection vector and has developed custom malware for both Windows and Linux systems. They have conducted multiple malicious email campaigns and demand large ransoms from their victims, with some reaching millions of dollars.",
+      "meta": {
+        "country": "RU",
+        "refs": [
+          "https://www.rewterz.com/rewterz-news/rewterz-threat-alert-new-ransomware-actor-oldgremlin-hits-multiple-organizations",
+          "https://www.group-ib.com/blog/oldgremlin-comeback/",
+          "https://www.group-ib.com/media-center/press-releases/oldgremlin/"
+        ]
+      },
+      "uuid": "ad8b73df-c526-4a32-b52f-c7c3c4c058d2",
+      "value": "OldGremlin"
    }
  ],
  "version": 294