From ba45a55895b80ab7e098e59a2d0589cf352bbec7 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Fri, 22 Dec 2017 15:42:51 +0100
Subject: [PATCH] galaxy updated
---
galaxy.html | 3411 +-
galaxy.pdf | 294138 +++++++++++++++++++++++++------------------------
2 files changed, 150474 insertions(+), 147075 deletions(-)
diff --git a/galaxy.html b/galaxy.html
index fc5c192..389b286 100755
--- a/galaxy.html
+++ b/galaxy.html
@@ -8896,6 +8896,47 @@ Android is a cluster galaxy available in JSON format at
+ A malware strain known as Loapi will damage phones if users don’t remove it from their devices. Left to its own means, this modular threat will download a Monero cryptocurrency miner that will overheat and overwork the phone’s components, which will make the battery bulge, deform the phone’s cover, or even worse. Discovered by Kaspersky Labs, researchers say Loapi appears to have evolved from Podec, a malware strain spotted in 2015.Loapi
+
Links |
+
+ |
Late last year, we encountered an SMS Trojan called Trojan-SMS.AndroidOS.Podec which used a very powerful legitimate system to protect itself against analysis and detection. After we removed the protection, we saw a small SMS Trojan with most of its malicious payload still in development. Before long, though, we intercepted a fully-fledged version of Trojan-SMS.AndroidOS.Podec in early 2015. +The updated version proved to be remarkable: it can send messages to premium-rate numbers employing tools that bypass the Advice of Charge system (which notifies users about the price of a service and requires authorization before making the payment). It can also subscribe users to premium-rate services while bypassing CAPTCHA. This is the first time Kaspersky Lab has encountered this kind of capability in any Android-Trojan.
+Links |
+
+ |
GratefulPOS has the following functions +1. Access arbitrary processes on the target POS system +2. Scrape track 1 and 2 payment card data from the process(es) +3. Exfiltrate the payment card data via lengthy encoded and obfuscated DNS queries to a hardcoded domain registered and controlled by the perpetrators, similar to that described by Paul Rascagneres in his analysis of FrameworkPOS in 2014[iii], and more recently by Luis Mendieta of Anomoli in analysis of a precursor to this sample.
+Links |
+
+ |
DealersChoice is a Flash Player Exploit platform triggered by RTF
+DealersChoice is a Flash Player Exploit platform triggered by RTF.
+DealersChoice is a platform that generates malicious documents containing embedded Adobe Flash files. Palo Alto Network researchers analyzed two variants — variant A, which is a standalone variant including Flash exploit code packaged with a payload, and variant B, which is a modular variant that loads exploit code on demand. This new component appeared in 2016 and is still in use.
DealersChoice is also known as:
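Review bot: the DealersChoice description is now emitted twice: the added line `DealersChoice is a Flash Player Exploit platform triggered by RTF.` repeats the unchanged context line directly above it (differing only by the trailing full stop), and the longer Palo Alto paragraph follows, so the rendered entry carries the same sentence twice. Since galaxy.html is generated output, the duplicate most likely originates in the cluster's description field in the source JSON; deduplicate it there and regenerate rather than hand-editing the HTML. Smaller points in the same hunk: the Loapi paragraph runs straight into the entry name (`...spotted in 2015.Loapi`) with no separator; `Kaspersky Labs` in the Loapi text and `Kaspersky Lab` in the Podec text should agree; the GratefulPOS text keeps a dangling `[iii]` footnote marker with no corresponding reference in the entry and spells the vendor `Anomoli` (Anomali); and `Palo Alto Network` should be `Palo Alto Networks`.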
@@ -10208,7 +10275,7 @@ Exploit-Kit is a cluster galaxy available in JSON format at -https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/
Sednit EK is the exploit kit used by APT28
Sednit EK is also known as:
+SedKit
+
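Review bot: the hunk header `@@ -10208,7 +10275,7 @@` declares seven lines on both sides, yet the excerpt shows two added lines (`+SedKit` and a blank `+`) and no `-` lines, so at least two removed lines are absent from what is shown; the `-https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/` text fused onto the header line reads like one of them. If that reference was dropped from the Sednit EK entry at the same time the `SedKit` alias was added, the alias loses the only cited source; confirm the link was moved rather than removed. As with the first hunk, the change belongs in the cluster JSON with galaxy.html (and the 294k-line galaxy.pdf in the diffstat) regenerated from it, so reviewers can see the actual data change instead of the rendered output.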