From 96adf0ba8f615b2a97957f9950842d75803ce307 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Tue, 20 Feb 2024 05:22:25 -0800
Subject: [PATCH] [threat-actors] Add ProCC

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 6e446a1..8602409 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15196,6 +15196,16 @@
       },
       "uuid": "3682a08e-c1d9-4dff-ae08-774883dddba6",
       "value": "BANISHED KITTEN"
+    },
+    {
+      "description": "ProCC is a threat actor targeting the hospitality sector with remote access Trojan malware. They use email attachments to exploit vulnerabilities like CVE-2017-0199 and deploy customized versions of RATs such as RevengeRAT, NjRAT, NanoCoreRAT, and 888 RAT. ProCC's malware is capable of collecting data from the clipboard and printer spooler, as well as capturing screenshots on infected machines.",
+      "meta": {
+        "refs": [
+          "https://securelist.com/revengehotels/95229/"
+        ]
+      },
+      "uuid": "c74f78d1-3728-4bb9-b84f-0e46d2e870b2",
+      "value": "ProCC"
     }
   ],
   "version": 301