From 28e02d308f162a5f94f1ea818cd7d8737adb9a9c Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Mon, 13 Nov 2023 04:36:57 -0800
Subject: [PATCH] [threat-actors] Add DarkCasino

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index ba3f8d3..8ad97eb 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12956,6 +12956,16 @@
       },
       "uuid": "3689f0e2-6c39-4864-ae0b-cc03e4cb695a",
       "value": "Zarya"
+    },
+    {
+      "description": "DarkCasino is an economically motivated APT group that targets online trading platforms, including cryptocurrencies, online casinos, network banks, and online credit platforms. They are skilled at stealing passwords to access victims' online accounts and have been active for over a year. DarkCasino exploits vulnerabilities, such as the WinRAR vulnerability CVE-2023-38831, to launch phishing attacks and steal online property.",
+      "meta": {
+        "refs": [
+          "https://nsfocusglobal.com/the-new-apt-group-darkcasino-and-the-global-surge-in-winrar-0-day-exploits/"
+        ]
+      },
+      "uuid": "b9128c29-8941-48a8-a5be-8076dde03a08",
+      "value": "DarkCasino"
     }
   ],
   "version": 293