commit
7813a29460
1 changed files with 37 additions and 1 deletions
|
@ -11107,7 +11107,43 @@
|
|||
},
|
||||
"uuid": "76bfb132-cc70-11e8-8623-bb3f209be6c9",
|
||||
"value": "SAVEfiles"
|
||||
},
|
||||
{
|
||||
"description": "The File-Locker Ransomware is a Hidden Tear variant that is targeting victims in Korea. When victim's are infected it will leave a ransom requesting 50,000 Won, or approximately 50 USD, to get the files back. This ransomware uses AES encryption with a static password of \"dnwls07193147\", so it is easily decryptable.",
|
||||
"meta": {
|
||||
"extensions": [
|
||||
".locked"
|
||||
],
|
||||
"ransomnotes": [
|
||||
"Warning!!!!!!.txt",
|
||||
"https://www.bleepstatic.com/images/news/ransomware/f/file-locker/ransom-note%20-%20Copy.jpg",
|
||||
"한국어: 경고!!! 모든 문서, 사진, 데이테베이스 및 기타 중요한 파일이 암호화되었습니다!!\n당신은 돈을 지불해야 합니다\n비트코인 5만원을 fasfry2323@naver.com로 보내십시오 비트코인 지불코드: 1F1tAaz5x1HUXrCNLbtMDqcw6o5GNn4xqX 결제 사이트 http://www.localbitcoins.com/ \nEnglish: Warning!!! All your documents, photos, databases and other important personal files were encrypted!!\nYou have to pay for it.\nSend fifty thousand won to fasfry2323@naver.com Bitcoin payment code: 1BoatSLRHtKNngkdXEeobR76b53LETtpyT Payment site http://www.localbitcoins.com/"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.bleepingcomputer.com/news/security/file-locker-ransomware-targets-korean-victims-and-asks-for-50k-won/"
|
||||
]
|
||||
},
|
||||
"uuid": "c06a1938-dcee-11e8-bc74-474b0080f0e5",
|
||||
"value": "File-Locker"
|
||||
},
|
||||
{
|
||||
"description": "A new ransomware called CommonRansom was discovered that has a very bizarre request. In order to decrypt a computer after a payment is made, they require the victim to open up Remote Desktop Services on the affected computer and send them admin credentials in order to decrypt the victim's files.",
|
||||
"meta": {
|
||||
"extensions": [
|
||||
".[old@nuke.africa].CommonRansom"
|
||||
],
|
||||
"ransomnotes": [
|
||||
"DECRYPTING.txt",
|
||||
"https://www.bleepstatic.com/images/news/ransomware/c/CommonRansom/ransom-note.jpg",
|
||||
"+-----------------------+\n¦----+CommonRansom+-----¦\n+-----------------------+\nHello dear friend,\nYour files were encrypted!\nYou have only 12 hours to decrypt it\nIn case of no answer our team will delete your decryption password\nWrite back to our e-mail: old@nuke.africa\n\n\nIn your message you have to write:\n1. This ID-[VICTIM_ID]\n2. [IP_ADDRESS]:PORT(rdp) of infected machine\n3. Username:Password with admin rights\n4. Time when you have paid 0.1 btc to this bitcoin wallet:\n35M1ZJhTaTi4iduUfZeNA75iByjoQ9ibgF\n\n\nAfter payment our team will decrypt your files immediatly\n\n\nFree decryption as guarantee:\n1. File must be less than 10MB\n2. Only .txt or .lnk files, no databases\n3. Only 5 files\n\n\nHow to obtain bitcoin:\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\nhttps://localbitcoins.com/buy_bitcoins\nAlso you can find other places to buy Bitcoins and beginners guide here:\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.bleepingcomputer.com/news/security/commonransom-ransomware-demands-rdp-access-to-decrypt-files/"
|
||||
]
|
||||
},
|
||||
"uuid": "c0dffb94-dcee-11e8-81b9-3791d1c6638f",
|
||||
"value": "CommonRansom"
|
||||
}
|
||||
],
|
||||
"version": 39
|
||||
"version": 40
|
||||
}
|
||||
|
|
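Review bot: In both new entries the `ransomnotes` array mixes three kinds of value: the dropped note's file name (`Warning!!!!!!.txt`, `DECRYPTING.txt`), a screenshot URL and the full note text. A consumer that uses this field to match note files on disk therefore has to guess each element's kind from its shape. Separate meta keys for file names, image references and note text would let the file names feed detection rules directly. The contact e-mail addresses and Bitcoin wallets appear only inside the note text, and the File-Locker static AES password only inside `description`, so none of them can be correlated as indicators without parsing prose; if the cluster schema allows it, they are worth carrying as their own values. The enclosing `values` array starts outside the hunk, so whether earlier entries follow a different convention is not visible here.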