[threat-actors] Add Void Rabisu

2023-10-16 18:14:47 +02:00 · 2023-10-16 18:14:47 +02:00 · 537ef08735
parent fe77114b84
commit 537ef08735
1 changed files with 34 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -11959,6 +11959,40 @@
      ],
      "uuid": "32eebd31-5e0f-4fb9-b478-26ff4e48aaf4",
      "value": "AtlasCross"
+    },
+    {
+      "description": "Void Rabisu is an intrusion set associated with both financially motivated ransomware attacks and targeted campaigns on Ukraine and countries supporting Ukraine.",
+      "meta": {
+        "cfr-suspected-victims": [
+          "Ukraine",
+          "European Union"
+        ],
+        "references": [
+          "https://www.trendmicro.com/en_us/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html",
+          "https://www.trendmicro.com/en_za/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html"
+        ],
+        "synonyms": [
+          "Tropical Scorpius"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "6d9dfc5f-4ebf-404b-ab5e-e6497867fe65",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "uses"
+        },
+        {
+          "dest-uuid": "5f1c11d3-c6ac-4368-a801-cced88a9d93b",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "uses"
+        }
+      ],
+      "uuid": "9766d52e-0e5d-4997-9c31-7f2291dcda9e",
+      "value": "Void Rabisu"
    }
  ],
  "version": 285