SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
ATT&CK techniques detected
T1055.001 Dynamic-link Library Injection
96%
"which we will call stage 2. a scheduled task is then created to launch such process with four arguments at every boot with system privileges. stage 2 analysis this file is a simple loader for code embedded inside it that is encrypted with the sha512 of the unique id generated by …"
T1566.002 Spearphishing Link
76%
"shadow-void-042 targets multiple industries with void rabisu-like tactics special thanks to stephen hilt. key takeaways - in november 2025, spear-phishing emails featuring a trend micro-themed social engineering lure were sent to various industry verticals – including d…"
T1486 Data Encrypted for Impact
56%
"in 2025 that look like void rabisu at first sight, but that are tracked under a different intrusion set for now. in table 2 above, we compare the void rabisu intrusion set with the shadow-void-042 intrusion set. while there are similarities, this comparison does not lead us t…"
Summary
In November, a targeted spear-phishing campaign was observed using Trend Micro-themed lures against various industries, but this was quickly detected and thwarted by the Trend Vision One™ platform.