From d01cfb8d1e307522eb053aee539f8316085da2ce Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Wed, 21 Jun 2017 08:56:03 +0200
Subject: [PATCH] Add SOREBRECT ransomware
---
 clusters/ransomware.json | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index dc15566..b98536d 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -8474,12 +8474,27 @@
 ],
 "encryption": "may be a mixture of AES and RC4.",
 "ransomnotes": [
- "_DECODE_FILES.txt"
+ "DECODE_FILES.txt"
 ],
 "refs": [
 "https://www.bleepingcomputer.com/news/security/uiwix-ransomware-using-eternalblue-smb-exploit-to-infect-victims/"
 ]
 }
+ },
+ {
+ "value": "SOREBRECT",
+ "description": "Fileless, Code-injecting Ransomware",
+ "meta": {
+ "extensions": [
+ ".pr0tect"
+ ],
+ "ransomnotes": [
+ "http://blog.trendmicro.com/trendlabs-security-intelligence/files/2017/06/SOREBRECT-3.jpg"
+ ],
+ "refs": [
+ "http://blog.trendmicro.com/trendlabs-security-intelligence/analyzing-fileless-code-injecting-sorebrect-ransomware/"
+ ]
+ }
 }
 ],
 "source": "Various",
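Review bot: The first change in the hunk rewrites the ransom-note filename of the preceding entry (the one whose ref is the UIWIX article) from `"_DECODE_FILES.txt"` to `"DECODE_FILES.txt"`, which the subject "Add SOREBRECT ransomware" does not mention, and nothing visible in the hunk shows which spelling is correct. Anyone matching on `ransomnotes` values to recognise that family on disk gets a different indicator after this commit, so the rename should go in its own commit citing the source that confirms the filename, or at least be called out in the message. In the new SOREBRECT entry, `ransomnotes` holds a screenshot URL where the neighbouring entry holds a filename; consumers that treat the field as a list of filenames would presumably mishandle it. I would put the note's actual filename or text there and move the `SOREBRECT-3.jpg` link into `refs`. The preceding entry starts outside the hunk.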