From 541eb4a4a9defc23b443676cb3f863e0b6761b20 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Wed, 27 Mar 2024 05:09:24 -0700
Subject: [PATCH] [threat-actors] Add Saad Tycoon

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index ec7b094..2e043cf 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15486,6 +15486,16 @@
       },
       "uuid": "1759f8f2-e6ef-4683-a9e4-44984b9deaba",
       "value": "Edalat-e Ali"
+    },
+    {
+      "description": "Saad Tycoon is the operator and alleged developer of the Tycoon 2FA PhaaS, a phishing service that targets users for financial gain. The actor utilizes Bitcoin transactions to generate significant profits from the fraudulent service. The phishing infrastructure includes domain registration, server hosting, and possibly Cloudflare protection.",
+      "meta": {
+        "refs": [
+          "https://blog.sekoia.io/tycoon-2fa-an-in-depth-analysis-of-the-latest-version-of-the-aitm-phishing-kit/"
+        ]
+      },
+      "uuid": "d9709373-7a3a-4905-8c90-ba74237e77ea",
+      "value": "Saad Tycoon"
     }
   ],
   "version": 305