From c4142b2ee7ae7d8fdeea6a122582e4772077b4a7 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Mon, 20 Nov 2023 09:29:06 -0800
Subject: [PATCH] [threat-actors] Add OldGremlin
---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b61d5b2..b75af79 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13304,6 +13304,19 @@
 },
 "uuid": "aca6b3d2-1c3b-4674-9de8-975e35723bcf",
 "value": "TiltedTemple"
+ },
+ {
+ "description": "OldGremlin is a Russian-speaking ransomware group that has been active for several years. They primarily target organizations in Russia, including banks, logistics, industrial, insurance, retail, and IT companies. OldGremlin is known for using phishing emails as an initial infection vector and has developed custom malware for both Windows and Linux systems. They have conducted multiple malicious email campaigns and demand large ransoms from their victims, with some reaching millions of dollars.",
+ "meta": {
+ "country": "RU",
+ "refs": [
+ "https://www.rewterz.com/rewterz-news/rewterz-threat-alert-new-ransomware-actor-oldgremlin-hits-multiple-organizations",
+ "https://www.group-ib.com/blog/oldgremlin-comeback/",
+ "https://www.group-ib.com/media-center/press-releases/oldgremlin/"
+ ]
+ },
+ "uuid": "ad8b73df-c526-4a32-b52f-c7c3c4c058d2",
+ "value": "OldGremlin"
 }
 ],
 "version": 294
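Review bot: `"country": "RU"` in the new `meta` block records an origin attribution, but the description on the line above it only supports "Russian-speaking" and says the group primarily targets organizations in Russia; operator language is not evidence of operator location. Unless one of the three refs states the origin explicitly, drop the key or qualify it with `"attribution-confidence": "<value supported by refs>"`, so consumers that filter or correlate on `country` do not read this as established. The victim sectors exist only as free text in `description`; putting them in a structured field such as `cfr-target-category` would make the entry searchable for detection and triage use. The trailing context line `"version": 294` is unchanged, so if this repository expects the cluster version to be bumped with each content change, that belongs in the same commit.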