From 537ef0873555471e2dd98a9763a2251e4a2861c7 Mon Sep 17 00:00:00 2001 From: Mathieu Beligon Date: Mon, 16 Oct 2023 18:14:47 +0200 Subject: [PATCH] [threat-actors] Add Void Rabisu --- clusters/threat-actor.json | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index fc47ca39..23f6b65c 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -11959,6 +11959,40 @@ ], "uuid": "32eebd31-5e0f-4fb9-b478-26ff4e48aaf4", "value": "AtlasCross" + }, + { + "description": "Void Rabisu is an intrusion set associated with both financially motivated ransomware attacks and targeted campaigns on Ukraine and countries supporting Ukraine.", + "meta": { + "cfr-suspected-victims": [ + "Ukraine", + "European Union" + ], + "references": [ + "https://www.trendmicro.com/en_us/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html", + "https://www.trendmicro.com/en_za/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html" + ], + "synonyms": [ + "Tropical Scorpius" + ] + }, + "related": [ + { + "dest-uuid": "6d9dfc5f-4ebf-404b-ab5e-e6497867fe65", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "uses" + }, + { + "dest-uuid": "5f1c11d3-c6ac-4368-a801-cced88a9d93b", + "tags": [ + "estimative-language:likelihood-probability=\"likely\"" + ], + "type": "uses" + } + ], + "uuid": "9766d52e-0e5d-4997-9c31-7f2291dcda9e", + "value": "Void Rabisu" } ], "version": 285