Merge pull request #1000 from Mathieu4141/threat-actors/bf0dcfd2-44d9-448c-8efd-5361cba2a56b
Some checks failed
Python application / build (3.10) (push) Has been cancelled
Python application / build (3.8) (push) Has been cancelled
Python application / build (3.9) (push) Has been cancelled

[threat actors] Add 2 actors
This commit is contained in:
Alexandre Dulaunoy 2024-07-16 05:37:59 +01:00 committed by GitHub
commit c2bcaaa5a2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 21 additions and 1 deletions

View file

@ -535,7 +535,7 @@ Category: *tea-matrix* - source: ** - total: *7* elements
[Threat Actor](https://www.misp-galaxy.org/threat-actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group. [Threat Actor](https://www.misp-galaxy.org/threat-actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.
Category: *actor* - source: *MISP Project* - total: *707* elements Category: *actor* - source: *MISP Project* - total: *709* elements
[[HTML](https://www.misp-galaxy.org/threat-actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)] [[HTML](https://www.misp-galaxy.org/threat-actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]

View file

@ -16358,6 +16358,26 @@
}, },
"uuid": "745fd45f-9076-4c88-a977-01940bc0d36e", "uuid": "745fd45f-9076-4c88-a977-01940bc0d36e",
"value": "Water Sigbin" "value": "Water Sigbin"
},
{
"description": "Void Banshee is an APT group targeting North America, Europe, and Southeast Asia for information theft and financial gain. They exploit vulnerabilities like CVE-2024-38112 to deliver the Atlantida info-stealer through malicious PDFs disguised as book files. The group uses internet shortcuts with MHTML protocol handlers to access and execute files through disabled Internet Explorer, posing a significant threat to organizations. Void Banshee's TTPs include crafting URL strings to control window sizes in IE and using HTML files to hide malicious downloads from victims.",
"meta": {
"refs": [
"https://www.trendmicro.com/en_us/research/24/g/CVE-2024-38112-void-banshee.html"
]
},
"uuid": "df584835-97da-4e27-ab35-bcd3c5bf7815",
"value": "Void Banshee"
},
{
"description": "CRYSTALRAY is a threat actor known for leveraging open source tools like zmap and SSH-Snake to conduct widespread vulnerability scanning and exploitation. They target victims to collect and sell credentials, deploy cryptominers, and maintain persistence in compromised environments. CRYSTALRAY uses multiple backdoors to control access and spreads through victim networks using SSH-Snake. The actor also uses tools like Platypus for managing victims and extracting sensitive information from compromised systems.",
"meta": {
"refs": [
"https://sysdig.com/blog/crystalray-rising-threat-actor-exploiting-oss-tools/"
]
},
"uuid": "feeab818-a9bd-4bff-9923-bf8421abd6c5",
"value": "CRYSTALRAY"
} }
], ],
"version": 312 "version": 312