From 6e3656ae6d7d58d81ed3998bd82234f5dc847cda Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Fri, 1 Nov 2024 10:43:28 -0700
Subject: [PATCH] [threat-actors] Add DarkRaaS

---
 clusters/threat-actor.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 395f3052..afe7479b 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -17108,6 +17108,18 @@
       },
       "uuid": "793280d5-d28c-4d4a-87b6-487ba9d9fbd1",
       "value": "IcePeony"
+    },
+    {
+      "description": "DarkRaaS is a threat actor specializing in selling unauthorized access to various organizations' systems and networks across multiple countries, with a recent focus on targets in Israel, UAE, Turkey, and South America 4 9 20. The group has been operating for at least six years and typically offers access to sensitive data, internal systems, and infrastructure, with prices ranging up to $25,000 for VPN access 4 9. Their targets span various sectors including government institutions, educational facilities, oil and gas companies, and IT organizations, often claiming to have access to multiple terabytes of sensitive data 7 19.",
+      "meta": {
+        "refs": [
+          "https://cyberpress.org/darkraas-ransomware-oil-gas-company/",
+          "https://cyberpress.org/darkraas-ransomware-intelligence-data/",
+          "https://dailydarkweb.net/darkraas-allegedly-breached-a-major-oil-and-gas-company/"
+        ]
+      },
+      "uuid": "0c18304e-e65f-4881-94e1-cc2d621ec563",
+      "value": "DarkRaaS"
     }
   ],
   "version": 318