From 409e3d72766d43e19032d41b01a01a923e7f4b99 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Thu, 18 Jul 2024 09:57:47 +0200
Subject: [PATCH] chg: [ransomware] groups updated
---
 clusters/ransomware.json | 154 +++++++++++++++++++++++++++++++++++++--
 1 file changed, 149 insertions(+), 5 deletions(-)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 7a0128c..4d5aa8b 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -27572,7 +27572,44 @@
 "http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion",
 "http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion",
 "http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion",
- "http://ofj3oaltwaf67qtd7oafk5r44upm6wkc2jurpsdyih2c7mbrbshuwayd.onion"
+ "http://ofj3oaltwaf67qtd7oafk5r44upm6wkc2jurpsdyih2c7mbrbshuwayd.onion",
+ "http://lockbit23xxhej7swdop24cru7ks2w66pw7zgdkydqo6f7wfyfqo7oqd.onion",
+ "http://lockbit7ixelt7gn3ynrs3dgqtsom6x6sd2ope4di7bu6e6exyhazeyd.onion",
+ "http://lockbitck6escin3p33v3f5uef3mr5fx335oyqon2uqoyxuraieuhiqd.onion",
+ "http://lockbitfhzimjqx2v7p2vfu57fpdm5zh2vsbfk5jkjod3k5pszbek7ad.onion",
+ "http://lockbiti7ss2wzyizvyr2x46krnezl4xjeianvupnvazhbqtz32auqqd.onion",
+ "http://lockbitkwkmhfb2zr3ngduaa6sd6munslzkbtqhn5ifmwqml4sl7znad.onion",
+ "http://lockbitqfj7mmhrfa7lznj47ogknqanskj7hyk2vistn2ju5ufrhbpyd.onion",
+ "http://lockbit7z2mmiz3ryxafn5kapbvbbiywsxwovasfkgf5dqqp5kxlajad.onion",
+ "http://lockbit7z2og4jlsmdy7dzty3g42eu3gh2sx2b6ywtvhrjtss7li4fyd.onion",
+ "http://lockbit7z355oalq4hiy5p7de64l6rsqutwlvydqje56uvevcc57r6qd.onion",
+ "http://lockbit7z36ynytxwjzuoao46ck7b3753gpedary3qvuizn3iczhe4id.onion",
+ "http://lockbit7z37ntefjdbjextn6tmdkry4j546ejnru5cejeguitiopvhad.onion",
+ "http://lockbit7z3azdoxdpqxzliszutufbc2fldagztdu47xyucp25p4xtqad.onion",
+ "http://lockbit7z3ddvg5vuez2vznt73ljqgwx5tnuqaa2ye7lns742yiv2zyd.onion",
+ "http://lockbit7z3hv7ev5knxbrhsvv2mmu2rddwqizdz4vwfvxt5izrq6zqqd.onion",
+ "http://ockbit7z3ujnkhxwahhjduh5me2updvzxewhhc5qvk2snxezoi5drad.onion",
+ "http://lockbit7z4bsm63m3dagp5xglyacr4z4bwytkvkkwtn6enmuo5fi5iyd.onion",
+ "http://lockbit7z4cgxvictidwfxpuiov4scdw34nxotmbdjyxpkvkg34mykyd.onion",
+ "http://lockbit7z4k5zer5fbqi2vdq5sx2vuggatwyqvoodrkhubxftyrvncid.onion",
+ "http://lockbit7z4ndl6thsct34yd47jrzdkpnfg3acfvpacuccb45pnars2ad.onion",
+ "http://lockbit7z55tuwaflw2c7torcryobdvhkcgvivhflyndyvcrexafssad.onion",
+ "http://lockbit7z57mkicfkuq44j6yrpu5finwvjllczkkp2uvdedsdonjztyd.onion",
+ "http://lockbit7z5ehshj6gzpetw5kso3onts6ty7wrnneya5u4aj3vzkeoaqd.onion",
+ "http://lockbit7z5hwf6ywfuzipoa42tjlmal3x5suuccngsamsgklww2xgyqd.onion",
+ "http://lockbit7z5ltrhzv46lsg447o3cx2637dloc3qt4ugd3gr2xdkkkeayd.onion",
+ "http://lockbit7z6choojah4ipvdpzzfzxxchjbecnmtn4povk6ifdvx2dpnid.onion",
+ "http://lockbit7z6dqziutocr43onmvpth32njp4abfocfauk2belljjpobxyd.onion",
+ "http://lockbit7z6f3gu6rjvrysn5gjbsqj3hk3bvsg64ns6pjldqr2xhvhsyd.onion",
+ "http://lockbit7z6qinyhhmibvycu5kwmcvgrbpvtztkvvmdce5zwtucaeyrqd.onion",
+ "http://lockbit7z6rzyojiye437jp744d4uwtff7aq7df7gh2jvwqtv525c4yd.onion",
+ "http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion",
+ "http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion",
+ "http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion",
+ "http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion",
+ "http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion",
+ "http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion",
+ "http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion"
 ],
 "refs": [
 "https://threatpost.com/lockbit-ransomware-proliferates-globally/168746",
@@ -27963,6 +28000,7 @@
 "value": "Ransomcartel"
 },
 {
+ "description": "",
 "meta": {
 "links": [
 "http://xw7au5pnwtl6lozbsudkmyd32n6gnqdngitjdppybudan3x3pjgpmpid.onion",
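Review bot: One of the LockBit entries added to the `links` array in the hunk at `@@ -27572` is `http://ockbit7z3ujnkhxwahhjduh5me2updvzxewhhc5qvk2snxezoi5drad.onion`, whose host label is 55 characters where a v3 onion address has 56, while the surrounding entries all start with `lockbit7z`. It looks as if a leading `l` was dropped on import, which would leave an indicator that cannot match the real service; confirm the value against the upstream source and correct or remove it rather than shipping a malformed entry. A length and base32-charset check on `.onion` hosts in the cluster validation step would catch this class of error. The `links` array itself begins outside the hunk.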
@@ -28744,7 +28782,8 @@
 "description": "Tesorion describes Lorenz as a ransomware with design and implementation flaws, leading to impossible decryption with tools provided by the attackers. A free decryptor for 2021 versions was made available via the NoMoreRansom initiative. A new version of the malware was discovered in March 2022, for which again was provided a free decryptor, while the ransomware operators are not able to provide tools to decrypt affected files.",
 "meta": {
 "links": [
- "http://lorenzmlwpzgxq736jzseuterytjueszsvznuibanxomlpkyxk6ksoyd.onion/"
+ "http://lorenzmlwpzgxq736jzseuterytjueszsvznuibanxomlpkyxk6ksoyd.onion/",
+ "http://woe2suafeg6ehxivgvvn4nh6ectbdhdqgc4vzph27mmyn7rjf2c52jid.onion"
 ],
 "refs": [
 "https://www.ransomlook.io/group/lorenz",
@@ -29191,7 +29230,8 @@
 "description": "",
 "meta": {
 "links": [
- "http://meow6xanhzfci2gbkn3lmbqq7xjjufskkdfocqdngt3ltvzgqpsg5mid.onion/"
+ "http://meow6xanhzfci2gbkn3lmbqq7xjjufskkdfocqdngt3ltvzgqpsg5mid.onion/",
+ "http://totos7fquprkecvcsl2jwy72v32glgkp2ejeqlnx5ynnxvbebgnletqd.onion"
 ],
 "refs": [
 "https://www.ransomlook.io/group/meow"
@@ -29253,7 +29293,9 @@
 {
 "meta": {
 "links": [
- "https://xql562evsy7njcsngacphc2erzjfecwotdkobn3m4uxu2gtqh26newid.onion/"
+ "https://xql562evsy7njcsngacphc2erzjfecwotdkobn3m4uxu2gtqh26newid.onion/",
+ "http://xbkv2qey6u3gd3qxcojynrt4h5sgrhkar6whuo74wo63hijnn677jnyd.onion",
+ "http://xbkv2qey6u3gd3qxcojynrt4h5sgrhkar6whuo74wo63hijnn677jnyd.onion/posts"
 ],
 "refs": [
 "https://www.ransomlook.io/group/fog"
@@ -29390,7 +29432,109 @@
 },
 "uuid": "2b7f6554-ac22-5b6c-85a0-65f55401c20e",
 "value": "vanir group"
+ },
+ {
+ "description": "",
+ "meta": {
+ "links": [
+ "http://e27z5kd2rjsern2gpgukhcioysqlfquxgf7rxpvcwepxl4lfc736piyd.onion",
+ "http://cybertube.video/web/index.html#!/details?id=0c3b52f6e73709725dc6e12b30b139d9&serverId=2be5e68176ff4f8fbb930fe66321ab72"
+ ],
+ "refs": [
+ "https://www.ransomlook.io/group/dispossessor"
+ ]
+ },
+ "uuid": "e90c181c-28e9-5c01-b84e-6d9c311039fd",
+ "value": "dispossessor"
+ },
+ {
+ "description": "A hacktivist group protecting artists' rights and ensuring fair compensation for their work.",
+ "meta": {
+ "links": [
+ "http://nullbulge.co/blog.html",
+ "http://nullbulge.se",
+ "http://nullbulge.com",
+ "http://goocasino.org"
+ ],
+ "refs": [
+ "https://www.ransomlook.io/group/nullbulge"
+ ]
+ },
+ "uuid": "fea5d0cc-2026-56c2-acf7-5eab1f23256a",
+ "value": "nullbulge"
+ },
+ {
+ "meta": {
+ "links": [
+ "http://matmq3z3hiovia3voe2tix2x54sghc3tszj74xgdy4tqtypoycszqzqd.onion"
+ ],
+ "refs": [
+ "https://www.ransomlook.io/group/holyghost"
+ ]
+ },
+ "uuid": "cf9494a3-7d48-59dc-bb1a-65ecb02faf4b",
+ "value": "holyghost"
+ },
+ {
+ "meta": {
+ "links": [
+ "http://z6vidveub2ypo3d3x7omsmcxqwxkkmvn5y3paoufyd2tt4bfbkg33kid.onion"
+ ],
+ "refs": [
+ "https://www.ransomlook.io/group/chilelocker"
+ ]
+ },
+ "uuid": "005c987b-4755-59ec-b148-dad5cf26d0f1",
+ "value": "chilelocker"
+ },
+ {
+ "meta": {
+ "links": [
+ "http://k67ivvik3dikqi4gy4ua7xa6idijl4si7k5ad5lotbaeirfcsx4sgbid.onion"
+ ],
+ "refs": [
+ "https://www.ransomlook.io/group/mad liberator"
+ ]
+ },
+ "uuid": "ba1be64e-f807-570a-84a3-55e8e9fe5086",
+ "value": "mad liberator"
+ },
+ {
+ "meta": {
+ "links": [
+ "http://wm6mbuzipviusuc42kcggzkdpbhuv45sn7olyamy6mcqqked3waslbqd.onion"
+ ],
+ "refs": [
+ "https://www.ransomlook.io/group/lockdata"
+ ]
+ },
+ "uuid": "a6e6d386-792d-5ffd-9a88-ddd865b474e6",
+ "value": "lockdata"
+ },
+ {
+ "meta": {
+ "links": [
+ "http://adminavf4cikzbv6mbbp7ujpwhygnn2t3egiz2pswldj32krrml42wyd.onion"
+ ],
+ "refs": [
+ "https://www.ransomlook.io/group/adminlocker"
+ ]
+ },
+ "uuid": "6e2cbcca-7086-53dc-ac90-6fb1d1157bc1",
+ "value": "adminlocker"
+ },
+ {
+ "meta": {
+ "links": [
+ "http://gg6owuhu72muoelkt2msjrp2llwr2on5634sk5v2xefzmobvryywbhid.onion/"
+ ],
+ "refs": [
+ "https://www.ransomlook.io/group/ransomcortex"
+ ]
+ },
+ "uuid": "c3fbd8c2-936c-580c-9290-a07ab86fa968",
+ "value": "ransomcortex"
 }
 ],
- "version": 128
+ "version": 129
 }
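Review bot: The `refs` value added for the `mad liberator` entry, `https://www.ransomlook.io/group/mad liberator`, contains a raw space, so consumers that type-check or auto-link `refs` may reject it or cut it off at `mad`; percent-encode it as `https://www.ransomlook.io/group/mad%20liberator`, assuming the upstream site accepts the encoded form. The `nullbulge` description repeats the group's own framing as fact, and would read more neutrally with attribution, e.g. `"Self-described hacktivist group that claims to protect artists' rights and ensure fair compensation for their work."`. The `links` arrays for `dispossessor` and `nullbulge` also mix clearnet domains such as `cybertube.video` and `goocasino.org` with leak-site addresses; if downstream tooling exports `links` as block or alert indicators, it is worth confirming these hosts are attributable to the group rather than shared or third-party infrastructure. Finally, `dispossessor` carries `"description": ""` while the other new entries omit the key, so pick one convention.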