diff --git a/galaxy.html b/galaxy.html
index 4ba61ce..e7a43d8 100755
--- a/galaxy.html
+++ b/galaxy.html
@@ -10125,6 +10125,60 @@ Banker is a cluster galaxy available in JSON format at
+ Services like Netflix use content delivery networks (CDNs) to maximize bandwidth usage as it gives users greater speed when viewing the content, as the server is close to them and is part of the Netflix CDN. This results in faster loading times for series and movies, wherever you are in the world. But, apparently, the CDNs are starting to become a new way of spreading malware. The attack chain is very extensive, and incorporates the execution of remote scripts (similar in some respects to the recent “fileless” banking malware trend), plus the use of CDNs for command and control (C&C), and other standard techniques for the execution and protection of malware.downAndExec
+
Links |
+
https://www.welivesecurity.com/2017/09/13/downandexec-banking-malware-cdns-brazil/ |
+
Since the end of May 2017, we have been monitoring a Monero miner that spreads using the EternalBlue Exploit (CVE-2017-0144). The miner itself, known as Smominru (aka Ismo) has been well-documented, so we will not discuss its post-infection behavior. However, the miner’s use of Windows Management Infrastructure is unusual among coin mining malware. +The speed at which mining operations conduct mathematical operations to unlock new units of cryptocurrency is referred to as “hash power”. Based on the hash power associated with the Monero payment address for this operation, it appeared that this botnet was likely twice the size of Adylkuzz. The operators had already mined approximately 8,900 Monero (valued this week between $2.8M and $3.6M). Each day, the botnet mined roughly 24 Monero, worth an average of $8,500 this week.
+Smominru is also known as:
+Ismo
+lsmo
+Links |
+
+ |
GrandSoft Exploit Kit was a quite common exploit kit used in 2012/2013
+GrandSoft Exploit Kit was a quite common exploit kit used in 2012/2013. Disappeared between march 2014 and September 2017
GrandSoft is also known as:
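Review bot: The added Smominru entry appears to have an empty Links cell (the "+ |" row right after "Links |"), whereas the downAndExec entry above it cites its welivesecurity.com source; add the reference the description was taken from so the figures can be checked. The description also carries relative wording ("valued this week between $2.8M and $3.6M", "worth an average of $8,500 this week") that has no anchor in a static entry, so either state the date or drop the valuations. The synonyms "Ismo" and "lsmo" differ only by a capital I versus a lowercase l; confirm both are intended aliases and not two transcriptions of one name. In the GrandSoft line, "march" should be capitalised and the second sentence needs a closing period.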
@@ -11064,7 +11118,7 @@ Exploit-Kit is a cluster galaxy available in JSON format at -Description Here
+Sakura Exploit Kit appeared in 2012 and was adopted by several big actor
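Review bot: In the added Sakura description, "several big actor" should read "several big actors", and the sentence has no closing period. The text that replaces "Description Here" is also hard to verify as written: it names none of the actors and carries no reference, so consider adding a source link alongside it, in the same way the downAndExec entry earlier in this patch cites its source.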