mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-23 07:17:17 +00:00
update Wannacry ransomware
This commit is contained in:
parent
d9c1a6be91
commit
26e8176f50
1 changed files with 20 additions and 11 deletions
|
@ -3590,7 +3590,8 @@
|
|||
"meta": {
|
||||
"refs": [
|
||||
"https://id-ransomware.blogspot.co.il/2016/10/hucky-ransomware-hungarian-locky.html",
|
||||
"https://blog.avast.com/hucky-ransomware-a-hungarian-locky-wannabe"
|
||||
"https://blog.avast.com/hucky-ransomware-a-hungarian-locky-wannabe",
|
||||
"https://twitter.com/struppigel/status/846241982347427840"
|
||||
],
|
||||
"ransomnotes": [
|
||||
"https://1.bp.blogspot.com/-lLZZBScC27U/WBmkDQzl9FI/AAAAAAAAB5Y/gozOy17Yv0EWNCQVSOXn-PkTccYZuMmPQCLcB/s1600/note-bmp_2.png",
|
||||
|
@ -3998,6 +3999,23 @@
|
|||
"description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. After the files are decrypted, the shadow files are deleted using the following command: vssadmin.exe Delete Shadows /All /Quiet",
|
||||
"value": "Erebus Ransomware"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"synonyms": [
|
||||
"WannaCrypt",
|
||||
"WannaCry",
|
||||
"WanaCrypt0r",
|
||||
"WCrypt",
|
||||
"WCRY"
|
||||
],
|
||||
"refs": [
|
||||
"https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168"
|
||||
],
|
||||
"date": "May 2017"
|
||||
},
|
||||
"description": "According to numerous open-source reports, a widespread ransomware campaign is affecting various organizations with reports of tens of thousands of infections in as many as 74 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in as many as 27 different languages. The latest version of this ransomware variant, known as WannaCry, WCry, or Wanna Decryptor, was discovered the morning of May 12, 2017, by an independent security researcher and has spread rapidly over several hours, with initial reports beginning around 4:00 AM EDT, May 12, 2017. Open-source reporting indicates a requested ransom of .1781 bitcoins, roughly $300 U.S.",
|
||||
"value": "WannaCry"
|
||||
},
|
||||
{
|
||||
"value": ".CryptoHasYou.",
|
||||
"description": "Ransomware",
|
||||
|
@ -7954,15 +7972,6 @@
|
|||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "WannaCry",
|
||||
"description": "Ransomware",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://twitter.com/struppigel/status/846241982347427840"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "WildFire Locker or Hades Locker",
|
||||
"description": "Ransomware Zyklon variant",
|
||||
|
@ -8117,7 +8126,7 @@
|
|||
"source": "Various",
|
||||
"uuid": "10cf658b-5d32-4c4b-bb32-61760a640372",
|
||||
"name": "Ransomware",
|
||||
"version": 1,
|
||||
"version": 2,
|
||||
"type": "ransomware",
|
||||
"description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar"
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue