From d77d3398ab838be88bacb2f601f8f7916529408f Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Mon, 15 Jul 2024 08:06:23 -0700
Subject: [PATCH] [threat-actors] Add Void Banshee

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 74e11bc..d970464 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16358,6 +16358,16 @@
 },
 "uuid": "745fd45f-9076-4c88-a977-01940bc0d36e",
 "value": "Water Sigbin"
+ },
+ {
+ "description": "Void Banshee is an APT group targeting North America, Europe, and Southeast Asia for information theft and financial gain. They exploit vulnerabilities like CVE-2024-38112 to deliver the Atlantida info-stealer through malicious PDFs disguised as book files. The group uses internet shortcuts with MHTML protocol handlers to access and execute files through disabled Internet Explorer, posing a significant threat to organizations. Void Banshee's TTPs include crafting URL strings to control window sizes in IE and using HTML files to hide malicious downloads from victims.",
+ "meta": {
+ "refs": [
+ "https://www.trendmicro.com/en_us/research/24/g/CVE-2024-38112-void-banshee.html"
+ ]
+ },
+ "uuid": "df584835-97da-4e27-ab35-bcd3c5bf7815",
+ "value": "Void Banshee"
 }
 ],
 "version": 312
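Review bot: The added `description` says the stealer is delivered "through malicious PDFs disguised as book files", which sits oddly with its own next sentence about internet shortcuts and MHTML protocol handlers. If the referenced Trend Micro report describes shortcut files made to look like PDF books, as the rest of the text suggests, the phrase should read `internet shortcut (.url) files disguised as PDF copies of books`, because analysts tuning detections from this entry would otherwise look at the wrong file type. The trailing context still shows `"version": 312`, so unless the bump lands in another commit of the series, consumers that refresh the galaxy by version number may not pick up the new cluster. The enclosing values array starts outside the hunk, so uniqueness of the new `uuid` and `value` cannot be confirmed from here.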