Merge pull request #1000 from Mathieu4141/threat-actors/bf0dcfd2-44d9-448c-8efd-5361cba2a56b

[threat actors] Add 2 actors
pull/1002/head
Alexandre Dulaunoy 2024-07-16 05:37:59 +01:00 committed by GitHub
commit c2bcaaa5a2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 21 additions and 1 deletions

@ -535,7 +535,7 @@ Category: *tea-matrix* - source: ** - total: *7* elements
[Threat Actor](https://www.misp-galaxy.org/threat-actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.
Category: *actor* - source: *MISP Project* - total: *707* elements
Category: *actor* - source: *MISP Project* - total: *709* elements
[[HTML](https://www.misp-galaxy.org/threat-actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]
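Review bot: the regenerated index line for the threat-actor galaxy moves the element count from 707 to 709, which matches the two clusters the commit message announces; nothing else in this generated documentation changes, so the hunk is consistent with the JSON hunk below and needs no further edit.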

@ -16358,6 +16358,26 @@
},
"uuid": "745fd45f-9076-4c88-a977-01940bc0d36e",
"value": "Water Sigbin"
},
{
"description": "Void Banshee is an APT group targeting North America, Europe, and Southeast Asia for information theft and financial gain. They exploit vulnerabilities like CVE-2024-38112 to deliver the Atlantida info-stealer through malicious PDFs disguised as book files. The group uses internet shortcuts with MHTML protocol handlers to access and execute files through disabled Internet Explorer, posing a significant threat to organizations. Void Banshee's TTPs include crafting URL strings to control window sizes in IE and using HTML files to hide malicious downloads from victims.",
"meta": {
"refs": [
"https://www.trendmicro.com/en_us/research/24/g/CVE-2024-38112-void-banshee.html"
]
},
"uuid": "df584835-97da-4e27-ab35-bcd3c5bf7815",
"value": "Void Banshee"
},
{
"description": "CRYSTALRAY is a threat actor known for leveraging open source tools like zmap and SSH-Snake to conduct widespread vulnerability scanning and exploitation. They target victims to collect and sell credentials, deploy cryptominers, and maintain persistence in compromised environments. CRYSTALRAY uses multiple backdoors to control access and spreads through victim networks using SSH-Snake. The actor also uses tools like Platypus for managing victims and extracting sensitive information from compromised systems.",
"meta": {
"refs": [
"https://sysdig.com/blog/crystalray-rising-threat-actor-exploiting-oss-tools/"
]
},
"uuid": "feeab818-a9bd-4bff-9923-bf8421abd6c5",
"value": "CRYSTALRAY"
}
],
"version": 312
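Review bot: `"version": 312` at the end of the hunk is unchanged trailing context (the header `@ -16358,6 +16358,26 @@` accounts for exactly the 20 added lines of the two new cluster objects plus six context lines), so the galaxy version is not bumped alongside the new entries; increment it in the same change so MISP instances that compare cluster versions on update actually pick up Void Banshee and CRYSTALRAY. The two new objects are otherwise well-formed: each carries a `description`, a `meta.refs` list with a single vendor source, a `uuid` and a `value`, and the `},` closing the preceding Water Sigbin object keeps the array syntactically valid.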