From 86323ca9488f591448ee73c614d9a9137ab7d7a6 Mon Sep 17 00:00:00 2001
From: rmkml
Date: Sat, 13 Apr 2019 16:38:46 +0200
Subject: [PATCH 1/2] Add Tellyouthepass Ransomware

---
 clusters/ransomware.json | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 90f8fe8..4cddd47 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -13086,7 +13086,19 @@
 },
 "uuid": "8cfa694a-2e5b-300a-727f-027d881870b2",
 "value": "BlackWorm"
+ },
+ {
+ "description": "Tellyouthepass is a ransomware that alters system files, registry entries and encodes personal photos, documents, and servers or archives. Army-grade encryption algorithms get used to change the original code of the file and make the data useless.",
+ "meta": {
+ "payment-method": "Bitcoin",
+ "price": "0.2",
+ "refs": [
+ "https://malware.wikia.org/wiki/Tellyouthepass"
+ ]
+ },
+ "uuid": "7cfa694a-1e5b-300a-627f-027d881870b1",
+ "value": "Tellyouthepass"
 }
 ],
- "version": 56
+ "version": 57
 }

From 9aa6244ed909d58e016898350f661deae29feb76 Mon Sep 17 00:00:00 2001
From: rmkml
Date: Sat, 13 Apr 2019 17:01:31 +0200
Subject: [PATCH 2/2] Add Ave Maria Stealer

---
 clusters/stealer.json | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/clusters/stealer.json b/clusters/stealer.json
index 7511a0b..105639f 100644
--- a/clusters/stealer.json
+++ b/clusters/stealer.json
@@ -65,7 +65,18 @@
 },
 "uuid": "a646edaa-4c6f-3a79-7a6c-143535259e15",
 "value": "Vidar"
+ },
+ {
+ "description": "Information stealer which uses AutoIT for wrapping.",
+ "meta": {
+ "date": "Jan 2019.",
+ "refs": [
+ "https://blog.yoroi.company/research/the-ave_maria-malware/"
+ ]
+ },
+ "uuid": "a546edaa-4c6f-2a79-7a6c-133535249e14",
+ "value": "Ave Maria"
 }
 ],
- "version": 5
+ "version": 6
 }
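Review bot: The `uuid` added for Tellyouthepass, `7cfa694a-1e5b-300a-627f-027d881870b1`, looks hand-derived from the neighbouring BlackWorm value `8cfa694a-2e5b-300a-727f-027d881870b2` (a few digits lowered by one) rather than generated. The second patch shows the same pattern, with the Ave Maria `uuid` a small edit of Vidar's `a646edaa-4c6f-3a79-7a6c-143535259e15`. Anything that keys tags, relationships or detections on the cluster UUID depends on it being unique, and a near-copy of a neighbour invites collisions and mix-ups between unrelated families. I would replace both with freshly generated values, e.g. `"uuid": "<newly generated UUIDv4>"`. Separately, "Army-grade encryption algorithms" in the description names no algorithm or key scheme, so it tells an analyst nothing about recoverability.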
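Review bot: `"date": "Jan 2019."` in the Ave Maria entry is free text with a trailing period, which tooling that sorts or filters clusters by first-seen date cannot parse reliably. The file's existing date convention is not visible in this hunk; if there is none, an ISO 8601 partial date such as `"date": "2019-01"` would be unambiguous, and at minimum the trailing period should go. The one-sentence description also omits what the stealer collects, which is what a responder matching on this cluster most needs to scope an incident.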