mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-27 01:07:18 +00:00
commit
e814b8f515
3 changed files with 57 additions and 3 deletions
|
@ -3749,9 +3749,27 @@
|
|||
"SMSLocker"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "Loapi",
|
||||
"description": "A malware strain known as Loapi will damage phones if users don't remove it from their devices. Left to its own means, this modular threat will download a Monero cryptocurrency miner that will overheat and overwork the phone's components, which will make the battery bulge, deform the phone's cover, or even worse. Discovered by Kaspersky Labs, researchers say Loapi appears to have evolved from Podec, a malware strain spotted in 2015.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bleepingcomputer.com/news/security/android-malware-will-destroy-your-phone-no-ifs-and-buts-about-it/"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "Podec",
|
||||
"description": "Late last year, we encountered an SMS Trojan called Trojan-SMS.AndroidOS.Podec which used a very powerful legitimate system to protect itself against analysis and detection. After we removed the protection, we saw a small SMS Trojan with most of its malicious payload still in development. Before long, though, we intercepted a fully-fledged version of Trojan-SMS.AndroidOS.Podec in early 2015.\nThe updated version proved to be remarkable: it can send messages to premium-rate numbers employing tools that bypass the Advice of Charge system (which notifies users about the price of a service and requires authorization before making the payment). It can also subscribe users to premium-rate services while bypassing CAPTCHA. This is the first time Kaspersky Lab has encountered this kind of capability in any Android-Trojan.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://securelist.com/sms-trojan-bypasses-captcha/69169//"
|
||||
]
|
||||
}
|
||||
}
|
||||
],
|
||||
"version": 3,
|
||||
"version": 4,
|
||||
"uuid": "84310ba3-fa6a-44aa-b378-b9e3271c58fa",
|
||||
"description": "Android malware galaxy based on multiple open sources.",
|
||||
"authors": [
|
||||
|
|
|
@ -484,9 +484,18 @@
|
|||
},
|
||||
"description": "According to X-Force research, the new banking Trojan emerged in the wild in September 2017, when its first test campaigns were launched. Our researchers noted that IcedID has a modular malicious code with modern banking Trojan capabilities comparable to malware such as the Zeus Trojan. At this time, the malware targets banks, payment card providers, mobile services providers, payroll, webmail and e-commerce sites in the U.S. Two major banks in the U.K. are also on the target list the malware fetches.",
|
||||
"value": "IcedID"
|
||||
},
|
||||
{
|
||||
"value": "GratefulPOS",
|
||||
"description": "GratefulPOS has the following functions\n1. Access arbitrary processes on the target POS system\n2. Scrape track 1 and 2 payment card data from the process(es)\n3. Exfiltrate the payment card data via lengthy encoded and obfuscated DNS queries to a hardcoded domain registered and controlled by the perpetrators, similar to that described by Paul Rascagneres in his analysis of FrameworkPOS in 2014[iii], and more recently by Luis Mendieta of Anomoli in analysis of a precursor to this sample.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://community.rsa.com/community/products/netwitness/blog/2017/12/08/gratefulpos-credit-card-stealing-malware-just-in-time-for-the-shopping-season"
|
||||
]
|
||||
}
|
||||
}
|
||||
],
|
||||
"version": 4,
|
||||
"version": 5,
|
||||
"uuid": "59f20cce-5420-4084-afd5-0884c0a83832",
|
||||
"description": "A list of banker malware.",
|
||||
"authors": [
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
],
|
||||
"description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
|
||||
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
|
||||
"version": 43,
|
||||
"version": 44,
|
||||
"values": [
|
||||
{
|
||||
"meta": {
|
||||
|
@ -3160,6 +3160,33 @@
|
|||
"OSX/Pirrit"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "GratefulPOS",
|
||||
"description": "GratefulPOS has the following functions\n1. Access arbitrary processes on the target POS system\n2. Scrape track 1 and 2 payment card data from the process(es)\n3. Exfiltrate the payment card data via lengthy encoded and obfuscated DNS queries to a hardcoded domain registered and controlled by the perpetrators, similar to that described by Paul Rascagneres in his analysis of FrameworkPOS in 2014[iii], and more recently by Luis Mendieta of Anomoli in analysis of a precursor to this sample.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://community.rsa.com/community/products/netwitness/blog/2017/12/08/gratefulpos-credit-card-stealing-malware-just-in-time-for-the-shopping-season"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "PRILEX",
|
||||
"description": "Prilex malware steals the information of the infected ATM’s users. In this case, it was a Brazilian bank, but consider the implications of such an attack in your region, whether you’re a customer or the bank.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"http://blog.trendmicro.com/trendlabs-security-intelligence/dissecting-prilex-cutlet-maker-atm-malware-families/"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "CUTLET MAKER",
|
||||
"description": "Cutlet Maker is an ATM malware designed to empty the machine of all its banknotes. Interestingly, while its authors have been advertising its sale, their competitors have already cracked the program, allowing anybody to use it for free.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"http://blog.trendmicro.com/trendlabs-security-intelligence/dissecting-prilex-cutlet-maker-atm-malware-families/"
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue