diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 74e11bc..d970464 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -16358,6 +16358,16 @@ }, "uuid": "745fd45f-9076-4c88-a977-01940bc0d36e", "value": "Water Sigbin" + }, + { + "description": "Void Banshee is an APT group targeting North America, Europe, and Southeast Asia for information theft and financial gain. They exploit vulnerabilities like CVE-2024-38112 to deliver the Atlantida info-stealer through malicious PDFs disguised as book files. The group uses internet shortcuts with MHTML protocol handlers to access and execute files through disabled Internet Explorer, posing a significant threat to organizations. Void Banshee's TTPs include crafting URL strings to control window sizes in IE and using HTML files to hide malicious downloads from victims.", + "meta": { + "refs": [ + "https://www.trendmicro.com/en_us/research/24/g/CVE-2024-38112-void-banshee.html" + ] + }, + "uuid": "df584835-97da-4e27-ab35-bcd3c5bf7815", + "value": "Void Banshee" } ], "version": 312