mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-22 23:07:19 +00:00
Merge pull request #805 from jloehel/mafiaware666
chg: [ransomware] Extends the entry for JCrypt
This commit is contained in:
commit
3739ee9152
1 changed files with 71 additions and 3 deletions
|
@ -24257,9 +24257,77 @@
|
|||
"value": "Povisomware"
|
||||
},
|
||||
{
|
||||
"description": "ransomware",
|
||||
"description": "Ransomware written in C#. Fortunately, all current versions of the MafiaWare666 ransomware are decryptable. The Threat Lab from Avast has developed a free decryption tool for this malware.",
|
||||
"meta": {
|
||||
"date": "December 2020"
|
||||
"date": "December 2020",
|
||||
"extensions": [
|
||||
".jcrypt",
|
||||
".locked",
|
||||
".daddycrypt",
|
||||
".omero",
|
||||
".ncovid",
|
||||
".NotStonks",
|
||||
".crypted",
|
||||
".iam_watching",
|
||||
".vn_os",
|
||||
".wearefriends",
|
||||
".MALWAREDEVELOPER",
|
||||
".MALKI",
|
||||
".poison",
|
||||
".foxxy",
|
||||
".ZAHACKED",
|
||||
".JEBAĆ_BYDGOSZCZ!!!",
|
||||
".titancrypt",
|
||||
".crypt",
|
||||
".MafiaWare666",
|
||||
".brutusptCrypt",
|
||||
".bmcrypt",
|
||||
".cyberone",
|
||||
".l33ch"
|
||||
],
|
||||
"payment-method": "Bitcoin",
|
||||
"ransomenotes": [
|
||||
"All of your files have been encrypted.\nTo unlock them, please send 1 bitcoin(s) to BTC address: 1BtUL5dhVXHwKLqSdhjyjK9Pe64Vc6CEH1 Afterwards,\nI please email your transaction ID to: this.email.address@gmail.com\nThank you and have a nice day! Encryption Log: ..."
|
||||
],
|
||||
"ransomenotes-refs": [
|
||||
"https://1.bp.blogspot.com/-OF8CopM3MUw/X-XLjUmRkYI/AAAAAAAAXpY/1mLe136SuT8DuruWJfwIVY5WnVs5B1gcgCLcBGAsYHQ/s943/txt-note.png"
|
||||
],
|
||||
"ransomnotes-filenames": [
|
||||
"___RECOVER__FILES__.jcrypt.txt",
|
||||
"_RECOVER__FILES__.jcrypt.txt",
|
||||
"___RECOVER__FILES__.locked.txt",
|
||||
"___RECOVER__FILES__.daddycrypt.txt",
|
||||
"___RECOVER__FILES__.omero.txt",
|
||||
"___RECOVER__FILES__.ncovid.txt",
|
||||
"___RECOVER__FILES__.crypted.txt",
|
||||
"___RECOVER__FILES__.iam_watching.txt",
|
||||
"___RECOVER__FILES__.titancrypt.txt",
|
||||
"_#ODZYSKAJ_PLIKI--.JEBAĆ_BYDGOSZCZ!!!.txt"
|
||||
],
|
||||
"refs": [
|
||||
"https://id-ransomware.blogspot.com/2020/12/jcrypt-ransomware.html",
|
||||
"https://twitter.com/kangxiaopao/status/1342027328063295488?lang=en",
|
||||
"https://twitter.com/demonslay335/status/1380610583603638277",
|
||||
"https://decoded.avast.io/threatresearch/decrypted-mafiaware666-ransomware/",
|
||||
"https://files.avast.com/files/decryptor/avast_decryptor_mafiaware666.exe"
|
||||
],
|
||||
"synonyms": [
|
||||
"RIP lmao",
|
||||
"Locked",
|
||||
"Daddycrypt",
|
||||
"Omero",
|
||||
"Crypted",
|
||||
"Ncovid",
|
||||
"NotStonks",
|
||||
"Iam_watching",
|
||||
"Vn_os",
|
||||
"Wearefriends",
|
||||
"MALWAREDEVELOPER",
|
||||
"MALKI",
|
||||
"Poison",
|
||||
"Foxxy",
|
||||
"Mafiaware666"
|
||||
]
|
||||
},
|
||||
"uuid": "dd5712e1-efa8-4054-a5df-fdfdbc9c25b6",
|
||||
"value": "JCrypt"
|
||||
|
@ -24861,5 +24929,5 @@
|
|||
"value": "Karakurt"
|
||||
}
|
||||
],
|
||||
"version": 111
|
||||
"version": 112
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue