From 537ef0873555471e2dd98a9763a2251e4a2861c7 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon
Date: Mon, 16 Oct 2023 18:14:47 +0200
Subject: [PATCH] [threat-actors] Add Void Rabisu
---
 clusters/threat-actor.json | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index fc47ca3..23f6b65 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -11959,6 +11959,40 @@
 ],
 "uuid": "32eebd31-5e0f-4fb9-b478-26ff4e48aaf4",
 "value": "AtlasCross"
+ },
+ {
+ "description": "Void Rabisu is an intrusion set associated with both financially motivated ransomware attacks and targeted campaigns on Ukraine and countries supporting Ukraine.",
+ "meta": {
+ "cfr-suspected-victims": [
+ "Ukraine",
+ "European Union"
+ ],
+ "references": [
+ "https://www.trendmicro.com/en_us/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html",
+ "https://www.trendmicro.com/en_za/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html"
+ ],
+ "synonyms": [
+ "Tropical Scorpius"
+ ]
+ },
+ "related": [
+ {
+ "dest-uuid": "6d9dfc5f-4ebf-404b-ab5e-e6497867fe65",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "uses"
+ },
+ {
+ "dest-uuid": "5f1c11d3-c6ac-4368-a801-cced88a9d93b",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "uses"
+ }
+ ],
+ "uuid": "9766d52e-0e5d-4997-9c31-7f2291dcda9e",
+ "value": "Void Rabisu"
 }
 ],
 "version": 285
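Review bot: The `synonyms` array in the new "Void Rabisu" entry lists only "Tropical Scorpius", so an analyst pivoting on another vendor's name for this intrusion set will not land on this cluster. If I recall the cited Trend Micro reports correctly they also give Storm-0978 and UNC2596; once confirmed against the references, something like `"synonyms": ["Tropical Scorpius", "Storm-0978", "UNC2596"]` would close that gap, and it is worth checking that no existing cluster in this file already carries one of those names, to avoid a duplicate actor. The two `related` entries are bare `dest-uuid` values, and since JSON has no comments the `description` is the only place to say which tools the `uses` links point at (the reference URLs suggest the RomCom backdoor for at least one). The two reference URLs also use different locale paths (`en_us` and `en_za`); using one form keeps later de-duplication of references simple.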