From cd5883377070d2c72bf2abc0e7fb7ca048af591c Mon Sep 17 00:00:00 2001 From: rmkml Date: Wed, 15 May 2019 21:02:32 +0200 Subject: [PATCH] Add Phobos Ransomware --- clusters/ransomware.json | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/clusters/ransomware.json b/clusters/ransomware.json index beef9af..7b6b8cd 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -13137,7 +13137,18 @@ }, "uuid": "8cfa554a-1e1b-328a-606f-026d771870b1", "value": "Cr1ptT0r" + }, + { + "description": "Phobos exploits open or poorly secured RDP ports to sneak inside networks and execute a ransomware attack, encrypting files and demanding a ransom be paid in bitcoin for returning the files, which in this case are locked with a .phobos extension.", + "meta": { + "payment-method": "Bitcoin", + "refs": [ + "https://www.zdnet.com/article/new-phobos-ransomware-exploits-weak-security-to-hit-targets-around-the-world/" + ] + }, + "uuid": "6cfa554a-1e1b-327a-605f-025d761570b1", + "value": "Phobos" } ], - "version": 60 + "version": 61 }