Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks

    Date: 07/16/2024

    Severity: Medium

    Summary

    The article "Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks" describes a threat actor tracked as Void Banshee, which exploits a vulnerability in Internet Explorer (CVE-2024-38112, per the referenced Trend Micro report) that allows attackers to remotely take control of users' computers. This zero-day exploit poses a significant risk to Windows users, underscoring the importance of prompt updates and vigilance against emerging cyber threats.

    Indicators of Compromise (IOC) List

    IP Address

    185.172.128.95

    Hash

    c9f58d96ec809a75679ec3c7a61eaaf3adbbeb6613d667257517bdc41ecca9ae
    
    d8824f643127c1d8f73028be01363fd77b2ecb050ebe8c17793633b9879d20eb
    
    87480b151e465b73151220533c965f3a77046138f079ca3ceb961a7d5fee9a33
    
    c85eedd51dced48b3764c2d5bdb8febefe4210a2d9611e0fb14ffc937b80e302
    
    13907caae48ea741942bce60fa32087328475bd14f5a81a6d04d82286bd28b4d
    
    119b0994bcf9c9494ce44f896b7ff4a489b62f31706be2cb6e4a9338b63cdfdb
    
    6f1f3415c3e52dcdbb012f412aef7b9744786b2d4a1b850f1f4561048716c750
    
    b371fbdce6935039218d4b4272db3521881c9cec48ef82dec1e9e0188a32d3ad

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    IP Address

    dstipaddress IN ("185.172.128.95") or ipaddress IN ("185.172.128.95") or publicipaddress IN ("185.172.128.95") or srcipaddress IN ("185.172.128.95")

    Hash

    sha256hash IN ("b371fbdce6935039218d4b4272db3521881c9cec48ef82dec1e9e0188a32d3ad","d8824f643127c1d8f73028be01363fd77b2ecb050ebe8c17793633b9879d20eb","87480b151e465b73151220533c965f3a77046138f079ca3ceb961a7d5fee9a33","c85eedd51dced48b3764c2d5bdb8febefe4210a2d9611e0fb14ffc937b80e302","13907caae48ea741942bce60fa32087328475bd14f5a81a6d04d82286bd28b4d","119b0994bcf9c9494ce44f896b7ff4a489b62f31706be2cb6e4a9338b63cdfdb","6f1f3415c3e52dcdbb012f412aef7b9744786b2d4a1b850f1f4561048716c750","c9f58d96ec809a75679ec3c7a61eaaf3adbbeb6613d667257517bdc41ecca9ae")
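    The two TDIR queries above are simple set-membership checks over IP and SHA-256 fields. For teams without that platform, the following is an added example (not part of the Gurucul advisory) that performs the same sweep offline over JSON log lines. The indicators are copied from the IoC list on this page; the log format, the field names and the sample records are constructed assumptions, and hashes are lower-cased before comparison because EDR sources do not agree on hash casing.

```python
"""Offline IoC sweep equivalent to the TDIR IP and hash queries.

Added example, not the advisory's or Gurucul's own code. The IoC values
come from the advisory; the JSON log format, field names and sample
records below are constructed for illustration."""
import json

# Indicators copied from the advisory's IoC list.
IOC_IPS = {"185.172.128.95"}
IOC_SHA256 = {
    "c9f58d96ec809a75679ec3c7a61eaaf3adbbeb6613d667257517bdc41ecca9ae",
    "d8824f643127c1d8f73028be01363fd77b2ecb050ebe8c17793633b9879d20eb",
    "87480b151e465b73151220533c965f3a77046138f079ca3ceb961a7d5fee9a33",
    "c85eedd51dced48b3764c2d5bdb8febefe4210a2d9611e0fb14ffc937b80e302",
    "13907caae48ea741942bce60fa32087328475bd14f5a81a6d04d82286bd28b4d",
    "119b0994bcf9c9494ce44f896b7ff4a489b62f31706be2cb6e4a9338b63cdfdb",
    "6f1f3415c3e52dcdbb012f412aef7b9744786b2d4a1b850f1f4561048716c750",
    "b371fbdce6935039218d4b4272db3521881c9cec48ef82dec1e9e0188a32d3ad",
}

# Field names mirror the TDIR queries; a real log source may use others (assumption).
IP_FIELDS = ("dstipaddress", "ipaddress", "publicipaddress", "srcipaddress")
HASH_FIELDS = ("sha256hash",)


def match_record(rec):
    """Return a list of (field, value, indicator_type) hits for one parsed record."""
    hits = []
    for field in IP_FIELDS:
        value = rec.get(field)
        if isinstance(value, str) and value.strip() in IOC_IPS:
            hits.append((field, value.strip(), "ip"))
    for field in HASH_FIELDS:
        value = rec.get(field)
        # Normalise case so upper-case hashes from an EDR still match.
        if isinstance(value, str) and value.strip().lower() in IOC_SHA256:
            hits.append((field, value.strip().lower(), "sha256"))
    return hits


def sweep(lines):
    """Parse one JSON record per line; return [(line_number, hits), ...] for matches.

    Blank and malformed lines are skipped so one bad line does not abort the sweep."""
    findings = []
    for number, line in enumerate(lines, start=1):
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        hits = match_record(rec)
        if hits:
            findings.append((number, hits))
    return findings


# Constructed sample log lines: a firewall event to the C2 IP, an EDR event
# with an upper-cased IoC hash, a benign event, and a truncated (malformed) line.
SAMPLE_LOGS = [
    '{"source":"firewall","srcipaddress":"10.0.0.17","dstipaddress":"185.172.128.95","action":"allow"}',
    '{"source":"edr","host":"WS-042","sha256hash":"C9F58D96EC809A75679EC3C7A61EAAF3ADBBEB6613D667257517BDC41ECCA9AE"}',
    '{"source":"edr","host":"WS-043","sha256hash":"0000000000000000000000000000000000000000000000000000000000000000"}',
    '{"source":"firewall","srcipaddress":"10.0.0.18","dstipaddress":',
]

if __name__ == "__main__":
    for number, hits in sweep(SAMPLE_LOGS):
        for field, value, kind in hits:
            print(f"line {number}: {kind} indicator matched in {field} = {value}")
```

Matches are reported per field, so a single record that hits on both a source and destination address is surfaced twice; that keeps the output aligned with which query (IP or hash) would have fired in TDIR.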

    Reference:

    https://www.trendmicro.com/en_us/research/24/g/CVE-2024-38112-void-banshee.html

    Following Models Enabled:

    Malicious IPs Used by Void Banshee - Proxy - TA0002:Execution

    Malicious IPs Used by Void Banshee - Firewall - TA0002:Execution

    Malicious Hashes Used by Void Banshee - Windows Security - TA0002:Execution

    Malicious Hashes Used by Void Banshee - EDR - TA0002:Execution
