Merge pull request #136 from Delta-Sierra/master

add OSX.Pirrit
This commit is contained in:
Alexandre Dulaunoy 2017-12-15 14:39:20 +01:00 committed by GitHub
commit 088e90a284
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 0 deletions

View file

@ -8667,6 +8667,22 @@
"IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.TXT"
]
}
},
{
"value": "File Spider",
"description": "A new ransomware called File Spider is being distributed through spam that targets victims in Bosnia and Herzegovina, Serbia, and Croatia. These spam emails contains malicious Word documents that will download and install the File Spider ransomware onto a victims computer.File Spider is currently being distributed through malspam that appears to be targeting countries such as Croatia, Bosnia and Herzegovina, and Serbia. The spam start with subjects like\"Potrazivanje dugovanja\", which translates to \"Debt Collection\" and whose message, according to Google Translate, appear to be in Serbian.",
"meta": {
"refs": [
"https://www.bleepingcomputer.com/news/security/file-spider-ransomware-targeting-the-balkans-with-malspam/"
],
"extensions": [
".spider"
],
"ransomnotes": [
"HOW TO DECRYPT FILES.url",
"As you may have already noticed, all your important files are encrypted and you no longer have access to them. A unique key has been generated specifically for this PC and two very strong encryption algorithm was applied in that process. Original content of your files are wiped and overwritten with encrypted data so it cannot be recovered using any conventional data recovery tool.\n\nThe good news is that there is still a chance to recover your files, you just need to have the right key.\n\nTo obtain the key, visit our website from the menu above. You have to be fast, after 96 hours the key will be blocked and all your files will remain permanently encrypted since no one will be able to recover them without the key!\n\nRemember, do not try anything stupid, the program has several security measures to delete all your files and cause the damage to your PC.\n\nTo avoid any misunderstanding, please read Help section."
]
}
}
],
"source": "Various",

View file

@ -3146,6 +3146,20 @@
"TRITON"
]
}
},
{
"value": "OSX.Pirrit",
"description": "macOS adware strain ",
"meta": {
"refs": [
"http://go.cybereason.com/rs/996-YZT-709/images/Cybereason-Lab-Analysis-OSX-Pirrit-4-6-16.pdf",
"https://www2.cybereason.com/research-osx-pirrit-mac-adware",
"https://www.cybereason.com/hubfs/Content%20PDFs/OSX.Pirrit%20Part%20III%20The%20DaVinci%20Code.pdf"
],
"synonyms": [
"OSX/Pirrit"
]
}
}
]
}