[threat-actors] Add Void Banshee

Mathieu4141 2024-07-15 08:06:23 -07:00
parent 32e2e04a3c
commit d77d3398ab


@ -16358,6 +16358,16 @@
}, },
"uuid": "745fd45f-9076-4c88-a977-01940bc0d36e", "uuid": "745fd45f-9076-4c88-a977-01940bc0d36e",
"value": "Water Sigbin" "value": "Water Sigbin"
},
{
"description": "Void Banshee is an APT group targeting North America, Europe, and Southeast Asia for information theft and financial gain. They exploit vulnerabilities like CVE-2024-38112 to deliver the Atlantida info-stealer through malicious PDFs disguised as book files. The group uses internet shortcuts with MHTML protocol handlers to access and execute files through disabled Internet Explorer, posing a significant threat to organizations. Void Banshee's TTPs include crafting URL strings to control window sizes in IE and using HTML files to hide malicious downloads from victims.",
"meta": {
"refs": [
"https://www.trendmicro.com/en_us/research/24/g/CVE-2024-38112-void-banshee.html"
]
},
"uuid": "df584835-97da-4e27-ab35-bcd3c5bf7815",
"value": "Void Banshee"
} }
], ],
"version": 312 "version": 312
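Review bot: The new entry's description says the stealer is delivered "through malicious PDFs disguised as book files", while its next sentence names internet shortcuts with MHTML protocol handlers as the delivery mechanism, so an analyst cannot tell from it which file type to look for. If the referenced Trend Micro report describes shortcut files posing as PDF copies of books (that is my reading, please confirm against the ref), reword to `through internet shortcut (.url) files disguised as PDF copies of books`. CVE-2024-38112 and Atlantida appear only in the free-text description, so they cannot be matched as structured values; whether this cluster's schema has a field or relation for them is not visible in the hunk. The trailing context line still shows `"version": 312`, so if consumers use the version to detect updates, it needs a bump in this commit or a follow-up.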