From cff0da0b3a287389e47b4cda14cf8429ffb94d64 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Mon, 5 Feb 2024 09:20:10 -0800
Subject: [PATCH] [threat-actors] Add RevengeHotels

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 1f93174..862d9b2 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14837,6 +14837,16 @@
       },
       "uuid": "0df34184-4ccf-4357-8e8e-e990058d2992",
       "value": "Fishing Elephant"
+    },
+    {
+      "description": "RevengeHotels is a targeted cybercrime campaign that has been active since 2015, primarily targeting hotels, hostels, and tourism companies. The threat actor uses remote access Trojan malware to infiltrate hotel front desks and steal credit card data from guests and travelers. The campaign has impacted hotels in multiple countries, including Brazil, Argentina, Chile, and Mexico. The threat actor employs social engineering techniques and sells credentials from infected systems to other cybercriminals for remote access.",
+      "meta": {
+        "refs": [
+          "https://securelist.com/revengehotels/95229/"
+        ]
+      },
+      "uuid": "083acee6-6969-4c74-80c2-5d442936aa97",
+      "value": "RevengeHotels"
     }
   ],
   "version": 299