From 91e5c37a40d8e5fa5c2df6bf28e8bc6cbed253ee Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Mon, 13 Nov 2023 04:36:56 -0800
Subject: [PATCH] [threat-actors] Add Water Labbu

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 6c5cf7d..88bff0b 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12896,6 +12896,16 @@
       },
       "uuid": "46a67fdf-5376-4d01-8092-6549a20030af",
       "value": "Caracal Kitten"
+    },
+    {
+      "description": "Trend Micro discovered a threat actor they named Water Labbu that was targeting cryptocurrency scam websites. Typically, cryptocurrency scammers use social engineering techniques,  interacting with victims to gain their trust and then manipulating them into providing the permissions needed to transfer cryptocurrency assets. While Water Labbu managed to steal cryptocurrencies via a similar method by obtaining access permissions and token allowances from their victim’s wallets, unlike other similar campaigns, they did not use any kind of social engineering — at least not directly. Instead, Water Labbu lets other scammers use their social engineering tricks to scam unsuspecting victims.",
+      "meta": {
+        "refs": [
+          "https://www.trendmicro.com/en_us/research/22/j/water-labbu-abuses-malicious-dapps-to-steal-cryptocurrency.html"
+        ]
+      },
+      "uuid": "7f24740c-9370-4968-a92e-667ef2591abe",
+      "value": "Water Labbu"
     }
   ],
   "version": 293