diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index f7886924..de92977d 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16185,6 +16185,17 @@
 },
 "uuid": "2ac0db88-8e88-447b-ad44-f781326f5884",
 "value": "Void Arachne"
+ },
+ {
+ "description": "Markopolo is a threat actor known for running scams targeting cryptocurrency users through a fake app called Vortax. They use social media and a dedicated blog to legitimize their malicious activities. Markopolo has been linked to a credential-harvesting operation and is agile in pivoting to new scams when detected. The actor leverages shared hosting and C2 infrastructure for their malicious builds.",
+ "meta": {
+ "refs": [
+ "https://www.darkreading.com/remote-workforce/vortax-meeting-software-branding-spreads-infostealers",
+ "https://www.recordedfuture.com/the-travels-of-markopolo-self-proclaimed-meeting-software-vortax-spreads-infostealers"
+ ]
+ },
+ "uuid": "c1e2121a-84c9-4fd0-99ef-917ded9cb3e1",
+ "value": "Markopolo"
 }
 ],
 "version": 312
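Review bot: The trailing context line `"version": 312` is unchanged, so this hunk adds the Markopolo cluster without incrementing the file's version number. If downstream consumers compare `version` to decide whether to re-import the cluster file, the new entry may not reach their detection and enrichment pipelines until a later bump. Consider changing the line to `"version": 313` in the same commit, unless this project bumps the version in a separate change. Separately, the description says the fake app spreads malicious builds, but only the reference URLs indicate these are infostealers; adding that to the description text would make the entry useful without following the links.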