Merge pull request #718 from Mathieu4141/ta/ransom-house

Add `RansomHouse` group
2024-11-23 07:17:17 +00:00 · 2022-05-24 07:45:28 +02:00 · 2022-05-24 07:45:28 +02:00 · ff280a9b44
commit ff280a9b44
parent a838eaf9db dca70783bf
1 changed files with 13 additions and 1 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -2689,7 +2689,6 @@
          "https://dragos.com/blog/crashoverride/CrashOverride-01.pdf",
          "https://www.us-cert.gov/ncas/alerts/TA17-163A",
          "https://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid",
-          "https://www.cfr.org/interactive/cyber-operations/black-energy",
          "https://web.archive.org/web/20141016132823/https://www.symantec.com/connect/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploited-targeted-attacks",
          "https://ics.sans.org/blog/2015/12/30/current-reporting-on-the-cyber-attack-in-ukraine-resulting-in-power-outage",
          "https://blog.trendmicro.com/trendlabs-security-intelligence/timeline-of-sandworm-attacks/",
@ -9319,6 +9318,19 @@
      },
      "uuid": "7ab283ac-b78f-42db-b564-0550b9637b0b",
      "value": "TA579"
+    },
+    {
+      "description": "This group started operating during the first quarter of 2022. They published samples of alleged stolen data from companies on their site on Tor. It is unclear if they conducted the attacks themselves, or if they bought leaked databases from third parties.",
+      "meta": {
+        "cfr-target-category": [
+          "Private sector"
+        ],
+        "refs": [
+          "https://webz.io/dwp/new-ransomware-group-ransomhouse-is-it-real-or-fake/"
+        ]
+      },
+      "uuid": "4d522fad-452c-46be-94ea-5803aec9b709",
+      "value": "RansomHouse"
    }
  ],
  "version": 227