RU

Ruthless RabbitRuthless Rabbit

Also known as: Ruthless Rabbit

Origin
RU
Known aliases
1

Profile

Ruthless Rabbit has been running investment scam campaigns since November 2022, primarily targeting users in Russia, Poland, Romania, and Kazakhstan. The actor utilizes RDGA patterns to create over 2,600 domains, hosted on multiple dedicated IPs, and employs a cloaking service for validation checks on user leads. Their campaigns have included themes such as Baltic Pipe financial scams and spoofing well-known platforms like WhatsApp and Google Finance. The most prevalent campaign theme involves a spoofed news article from "Channel One" promoting the "GazInvest" platform with promises of high returns.

Aliases· 1

Ruthless Rabbit

References

  1. https://blogs.infoblox.com/threat-intelligence/uncovering-actor-ttp-patterns-and-the-role-of-dns-in-investment-scams/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
Reckless Rabbit
Actor
GreedyBear
Actor
DarkGaboon
Actor
RUBYCARP
Actor
GambleForce
Actor
CashRewindo
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.