From 08a4897cbed7794b3b8c43067521d4d3bc05a8be Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Fri, 22 Nov 2019 14:05:36 +0100
Subject: [PATCH] add DePriMon malicious downloader & Cyborg ransomware

---
 clusters/ransomware.json | 11 ++++++++++-
 clusters/tool.json | 12 +++++++++++-
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 460f3e8..635b4b9 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -13572,7 +13572,16 @@
 },
 "uuid": "7cea8846-1f3d-331a-3ebf-055d452351b6",
 "value": "Maze"
+ },
+ {
+ "value": "Cyborg Ransomware",
+ "description": "Ransomware delivered using fake Windows Update spam",
+ "meta": {
+ "refs": [
+ "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/fake-windows-update-spam-leads-to-cyborg-ransomware-and-its-builder/"
+ ]
+ }
 }
 ],
- "version": 72
+ "version": 73
 }
diff --git a/clusters/tool.json b/clusters/tool.json
index 8c8241b..5da8749 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -7876,7 +7876,17 @@
 },
 "uuid": "c1815516-aa2a-43d2-9136-78a8feb054b6",
 "value": "ShadowHammer"
+ },
+ {
+ "value": "DePriMon",
+ "description": "DePriMon is a malicious downloader, with several stages and using many non-traditional techniques. To achieve persistence, the malware registers a new local port monitor – a trick falling under the “Port Monitors” technique in the MITRE ATT&CK knowledgebase. For that, the malware uses the “Windows Default Print Monitor” name; that’s why we have named it DePriMon. Due to its complexity and modular architecture, we consider it to be a framework.",
+ "meta": {
+ "refs": [
+ "https://www.bleepingcomputer.com/news/security/deprimon-malware-registers-itself-as-a-windows-print-monitor/",
+ "https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/"
+ ]
+ }
 }
 ],
- "version": 127
+ "version": 128
 }
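Review bot: The new `Cyborg Ransomware` element in clusters/ransomware.json has no `"uuid"` field, while the neighbouring `Maze` element shown as context in the same hunk carries one (`"uuid": "7cea8846-1f3d-331a-3ebf-055d452351b6"`); without it the entry has no stable identifier that survives a later rename of `"value"` or a re-sort of the array. Add a line next to `"value"`, e.g. `"uuid": "<GENERATED-UUID4-PLACEHOLDER>",` with a freshly generated value. The DePriMon element added to clusters/tool.json in the second hunk has the same omission next to the `ShadowHammer` context entry, which does carry a `"uuid"`. The enclosing array and top-level object begin before and end after this hunk, so the version bump lines are the only other change visible here.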
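Review bot: The `"description"` of the new DePriMon element is a first-person excerpt from the linked write-up ("that’s why we have named it DePriMon", "we consider it to be a framework"), so in the cluster it reads as the maintainers' own naming and assessment rather than the vendor's. A neutral paraphrase keeps the facts while attributing them, e.g. `"description": "Multi-stage malicious downloader that achieves persistence by registering a local port monitor (the Port Monitors technique in MITRE ATT&CK) under the Windows Default Print Monitor name, which is the origin of its name; the referenced analysis describes it as a framework because of its modular architecture.",`. The curly quotes and en dash in the current string are valid UTF-8 JSON and need no escaping, but a paraphrase also avoids them. The enclosing array and top-level object continue outside the hunk.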