From f87da7a3a65a74cc70f4936ebe507bb8ab4a369d Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Fri, 20 Apr 2018 10:13:52 +0200
Subject: [PATCH 1/3] add Xiaoba
---
 clusters/ransomware.json | 57 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 23673a2..1ada392 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -9549,6 +9549,63 @@
 ]
 },
 "uuid": "449e18b0-43d1-11e8-847e-0fed641732a1"
+ },
+ {
+ "value": "XiaoBa ransomware",
+ "meta": {
+ "refs": [
+ "https://www.bleepingcomputer.com/news/security/xiaoba-ransomware-retooled-as-coinminer-but-manages-to-ruin-your-files-anyway/",
+ "https://twitter.com/malwrhunterteam/status/923847744137154560",
+ "https://twitter.com/struppigel/status/926748937477939200",
+ "https://twitter.com/demonslay335/status/968552114787151873"
+ ],
+ "extensions": [
+ ".Encrypted[BaYuCheng@yeah.net].XiaBa",
+ ".XiaoBa1",
+ ".XiaoBa2",
+ ".XiaoBa3",
+ ".XiaoBa4",
+ ".XiaoBa5",
+ ".XiaoBa6",
+ ".XiaoBa7",
+ ".XiaoBa8",
+ ".XiaoBa9",
+ ".XiaoBa10",
+ ".XiaoBa11",
+ ".XiaoBa12",
+ ".XiaoBa13",
+ ".XiaoBa14",
+ ".XiaoBa15",
+ ".XiaoBa16",
+ ".XiaoBa17",
+ ".XiaoBa18",
+ ".XiaoBa19",
+ ".XiaoBa20",
+ ".XiaoBa21",
+ ".XiaoBa22",
+ ".XiaoBa23",
+ ".XiaoBa24",
+ ".XiaoBa25",
+ ".XiaoBa26",
+ ".XiaoBa27",
+ ".XiaoBa28",
+ ".XiaoBa29",
+ ".XiaoBa30",
+ ".XiaoBa31",
+ ".XiaoBa32",
+ ".XiaoBa33",
+ ".XiaoBa34"
+ ],
+ "ransomnotes":[
+ "https://pbs.twimg.com/media/DNIoIFuX4AAce7J.jpg",
+ "https://pbs.twimg.com/media/DNx5Of-X0AASVda.jpg",
+ "_@XiaoBa@_.bmp",
+ "_@Explanation@_.hta",
+ "_XiaoBa_Info_.hta",
+ "_XiaoBa_Info_.bmp"
+ ]
+ },
+ "uuid": "ef094aa6-4465-11e8-81ce-739cce28650b"
 }
 ],
 "source": "Various",
From 6e2c0ea80946f88530d90306287dbfb24e9cda77 Mon Sep 17 00:00:00 2001
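Review bot: The first value in the new `extensions` array of PATCH 1/3, `.Encrypted[BaYuCheng@yeah.net].XiaBa`, ends in `XiaBa`, while the other 34 extensions and the ransom-note filenames in the same entry all spell it `XiaoBa`. If this is a transcription slip rather than the suffix the sample really writes, extension-based matching built from this cluster will miss those files. It should be checked against the cited references and, if confirmed wrong, changed to `".Encrypted[BaYuCheng@yeah.net].XiaoBa",`. Separately, `ransomnotes` mixes two screenshot URLs with four dropped-file names, so a consumer matching note filenames has to filter out the URLs first. Whether the galaxy format has a dedicated place for either kind of value is not visible in this hunk.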
From: Deborah Servili
Date: Fri, 20 Apr 2018 10:18:33 +0200
Subject: [PATCH 2/3] Update Ransomware galaxy version
---
 clusters/ransomware.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 1ada392..b837654 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -9611,7 +9611,7 @@
 "source": "Various",
 "uuid": "10cf658b-5d32-4c4b-bb32-61760a640372",
 "name": "Ransomware",
- "version": 16,
+ "version": 17,
 "type": "ransomware",
 "description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar"
 }
From 338eb7ab61c017541214398c7138b0aaaf40653c Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Fri, 20 Apr 2018 10:26:11 +0200
Subject: [PATCH 3/3] jq
---
 clusters/ransomware.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 1ada392..3baac3e 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -9596,7 +9596,7 @@
 ".XiaoBa33",
 ".XiaoBa34"
 ],
- "ransomnotes":[
+ "ransomnotes": [
 "https://pbs.twimg.com/media/DNIoIFuX4AAce7J.jpg",
 "https://pbs.twimg.com/media/DNx5Of-X0AASVda.jpg",
 "_@XiaoBa@_.bmp",