From 0bf9d66d1454555c9b139ceb4e6530d848532ec2 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Fri, 19 Jul 2024 09:03:54 -0700
Subject: [PATCH] [threat-actors] Add Nullbulge

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index e682454..8c20c66 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16390,6 +16390,16 @@
       },
       "uuid": "b9968b5f-0a5a-4be6-9dd2-428244741323",
       "value": "Lifting Zmiy"
+    },
+    {
+      "description": "NullBulge is a cybercriminal threat group targeting AI and gaming focused entities. They weaponize code in publicly available repositories to distribute malware, including LockBit ransomware. The group claims to be motivated by a pro-art, anti-AI cause, but their activities indicate a financial focus. NullBulge uses obfuscated code in public repositories and malicious mods to target their victims.",
+      "meta": {
+        "refs": [
+          "https://www.sentinelone.com/labs/nullbulge-threat-actor-masquerades-as-hacktivist-group-rebelling-against-ai/"
+        ]
+      },
+      "uuid": "000d8bbf-cb6f-4f7b-89a4-9c136ac4bc5a",
+      "value": "Nullbulge"
     }
   ],
   "version": 312