mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-29 10:17:18 +00:00
Merge pull request #1000 from Mathieu4141/threat-actors/bf0dcfd2-44d9-448c-8efd-5361cba2a56b
[threat actors] Add 2 actors
This commit is contained in:
commit
c2bcaaa5a2
2 changed files with 21 additions and 1 deletions
|
@ -535,7 +535,7 @@ Category: *tea-matrix* - source: ** - total: *7* elements
|
|||
|
||||
[Threat Actor](https://www.misp-galaxy.org/threat-actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.
|
||||
|
||||
Category: *actor* - source: *MISP Project* - total: *707* elements
|
||||
Category: *actor* - source: *MISP Project* - total: *709* elements
|
||||
|
||||
[[HTML](https://www.misp-galaxy.org/threat-actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]
|
||||
|
||||
|
|
|
@ -16358,6 +16358,26 @@
|
|||
},
|
||||
"uuid": "745fd45f-9076-4c88-a977-01940bc0d36e",
|
||||
"value": "Water Sigbin"
|
||||
},
|
||||
{
|
||||
"description": "Void Banshee is an APT group targeting North America, Europe, and Southeast Asia for information theft and financial gain. They exploit vulnerabilities like CVE-2024-38112 to deliver the Atlantida info-stealer through malicious PDFs disguised as book files. The group uses internet shortcuts with MHTML protocol handlers to access and execute files through disabled Internet Explorer, posing a significant threat to organizations. Void Banshee's TTPs include crafting URL strings to control window sizes in IE and using HTML files to hide malicious downloads from victims.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.trendmicro.com/en_us/research/24/g/CVE-2024-38112-void-banshee.html"
|
||||
]
|
||||
},
|
||||
"uuid": "df584835-97da-4e27-ab35-bcd3c5bf7815",
|
||||
"value": "Void Banshee"
|
||||
},
|
||||
{
|
||||
"description": "CRYSTALRAY is a threat actor known for leveraging open source tools like zmap and SSH-Snake to conduct widespread vulnerability scanning and exploitation. They target victims to collect and sell credentials, deploy cryptominers, and maintain persistence in compromised environments. CRYSTALRAY uses multiple backdoors to control access and spreads through victim networks using SSH-Snake. The actor also uses tools like Platypus for managing victims and extracting sensitive information from compromised systems.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://sysdig.com/blog/crystalray-rising-threat-actor-exploiting-oss-tools/"
|
||||
]
|
||||
},
|
||||
"uuid": "feeab818-a9bd-4bff-9923-bf8421abd6c5",
|
||||
"value": "CRYSTALRAY"
|
||||
}
|
||||
],
|
||||
"version": 312
|
||||
|
|
Loading…
Reference in a new issue