diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 1b50550..aacf9d4 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -8667,6 +8667,22 @@
 "IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.TXT"
 ]
 }
+ },
+ {
+ "value": "File Spider",
+ "description": "A new ransomware called File Spider is being distributed through spam that targets victims in Bosnia and Herzegovina, Serbia, and Croatia. These spam emails contains malicious Word documents that will download and install the File Spider ransomware onto a victims computer.File Spider is currently being distributed through malspam that appears to be targeting countries such as Croatia, Bosnia and Herzegovina, and Serbia. The spam start with subjects like\"Potrazivanje dugovanja\", which translates to \"Debt Collection\" and whose message, according to Google Translate, appear to be in Serbian.",
+ "meta": {
+ "refs": [
+ "https://www.bleepingcomputer.com/news/security/file-spider-ransomware-targeting-the-balkans-with-malspam/"
+ ],
+ "extensions": [
+ ".spider"
+ ],
+ "ransomnotes": [
+ "HOW TO DECRYPT FILES.url",
+ "As you may have already noticed, all your important files are encrypted and you no longer have access to them. A unique key has been generated specifically for this PC and two very strong encryption algorithm was applied in that process. Original content of your files are wiped and overwritten with encrypted data so it cannot be recovered using any conventional data recovery tool.\n\nThe good news is that there is still a chance to recover your files, you just need to have the right key.\n\nTo obtain the key, visit our website from the menu above. You have to be fast, after 96 hours the key will be blocked and all your files will remain permanently encrypted since no one will be able to recover them without the key!\n\nRemember, do not try anything stupid, the program has several security measures to delete all your files and cause the damage to your PC.\n\nTo avoid any misunderstanding, please read Help section."
+ ]
+ }
 }
 ],
 "source": "Various",
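Review bot: The `ransomnotes` array of the new File Spider entry mixes a file name (`HOW TO DECRYPT FILES.url`) with the full note body, so a consumer matching on this field cannot tell an on-disk artefact name from text shown to the victim. The context line above suggests the preceding entry does the same, so this may be the file's convention; even so, keeping the file name apart is worth doing, for instance as `"ransomnotes-filenames": ["HOW TO DECRYPT FILES.url"]` if the cluster schema at this revision accepts such a key. The `description` also states the distribution and targeting twice and runs two sentences together at `computer.File Spider` and `like\"Potrazivanje`. A single pass that names the malspam delivery, the Word-document downloader and the subject line would carry the same facts and read cleanly in tooling that displays this field.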
diff --git a/clusters/tool.json b/clusters/tool.json
index 4d7ca66..6196580 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -3146,6 +3146,20 @@
 "TRITON"
 ]
 }
+ },
+ {
+ "value": "OSX.Pirrit",
+ "description": "macOS adware strain ",
+ "meta": {
+ "refs": [
+ "http://go.cybereason.com/rs/996-YZT-709/images/Cybereason-Lab-Analysis-OSX-Pirrit-4-6-16.pdf",
+ "https://www2.cybereason.com/research-osx-pirrit-mac-adware",
+ "https://www.cybereason.com/hubfs/Content%20PDFs/OSX.Pirrit%20Part%20III%20The%20DaVinci%20Code.pdf"
+ ],
+ "synonyms": [
+ "OSX/Pirrit"
+ ]
+ }
 }
 ]
 }
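Review bot: The first `refs` entry for OSX.Pirrit is a plain `http://` link to a PDF, so anyone following the reference fetches an analysis document over a channel that offers no integrity protection. If the host serves the same path over TLS, use `"https://go.cybereason.com/rs/996-YZT-709/images/Cybereason-Lab-Analysis-OSX-Pirrit-4-6-16.pdf"`; otherwise consider relying on the two `https` references. The `description` value also ends in a stray space (`"macOS adware strain "`), which can defeat exact-string comparison or deduplication downstream; `"description": "macOS adware strain",` avoids that.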