From 78c1f073590c4ae1822c8508f62934ffb215fab2 Mon Sep 17 00:00:00 2001 From: Deborah Servili Date: Thu, 27 Sep 2018 15:42:20 +0200 Subject: [PATCH] new ransomware and relations --- clusters/exploit-kit.json | 14 ++++++++++++-- clusters/ransomware.json | 27 +++++++++++++++++++++++++-- 2 files changed, 37 insertions(+), 4 deletions(-) diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json index c0cc872..78b25e0 100644 --- a/clusters/exploit-kit.json +++ b/clusters/exploit-kit.json @@ -44,13 +44,23 @@ "description": "Fallout Exploit Kit appeared at the end of August 2018 as an updated Nuclear Pack featuring current exploits seen in competiting Exploit Kit.", "meta": { "refs": [ - "https://www.nao-sec.org/2018/09/hello-fallout-exploit-kit.html" + "https://www.nao-sec.org/2018/09/hello-fallout-exploit-kit.html", + "https://www.bleepingcomputer.com/news/security/new-fallout-exploit-kit-drops-gandcrab-ransomware-or-redirects-to-pups/" ], "status": "Active", "synonyms": [ "Fallout" ] }, + "related": [ + { + "dest-uuid": "5920464b-e093-4fa0-a275-438dffef228f", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "dropped" + } + ], "uuid": "1f05f646-5af6-4a95-825b-164f49616aa4", "value": "Fallout" }, @@ -734,5 +744,5 @@ "value": "Unknown" } ], - "version": 9 + "version": 10 } diff --git a/clusters/ransomware.json b/clusters/ransomware.json index 764a72e..a8e0011 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -9606,9 +9606,19 @@ "https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-distributed-by-exploit-kits-appends-gdcb-extension/", "https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-being-distributed-via-malspam-disguised-as-receipts/", "https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-version-2-released-with-new-crab-extension-and-other-changes/", - "https://www.bleepingcomputer.com/news/security/gandcrab-version-3-released-with-autorun-feature-and-desktop-background/" + "https://www.bleepingcomputer.com/news/security/gandcrab-version-3-released-with-autorun-feature-and-desktop-background/", + "https://www.bleepingcomputer.com/news/security/new-fallout-exploit-kit-drops-gandcrab-ransomware-or-redirects-to-pups/" ] }, + "related": [ + { + "dest-uuid": "1f05f646-5af6-4a95-825b-164f49616aa4", + "tags": [ + "estimative-language:likelihood-probability=\"almost-certain\"" + ], + "type": "dropped-by" + } + ], "uuid": "5920464b-e093-4fa0-a275-438dffef228f", "value": "GandCrab" }, @@ -10558,7 +10568,20 @@ { "value": "Crypt0saur", "uuid": "32406292-b738-11e8-ab97-1f674b130624" + }, + { + "value": "Mongo Lock", + "description": "An attack called Mongo Lock is targeting remotely accessible and unprotected MongoDB databases, wiping them, and then demanding a ransom in order to get the contents back. While this new campaign is using a name to identify itself, these types of attacks are not new and MongoDB databases have been targeted for a while now. These hijacks work by attackers scanning the Internet or using services such as Shodan.io to search for unprotected MongoDB servers. Once connected, the attackers may export the databases, delete them, and then create a ransom note explaining how to get the databases back.", + "meta": { + "refs": [ + "https://www.bleepingcomputer.com/news/security/mongo-lock-attack-ransoming-deleted-mongodb-databases/" + ], + "ransomnotes": [ + "Your database was encrypted by 'Mongo Lock'. if you want to decrypt your database, need to be pay us 0.1 BTC (Bitcoins), also don't delete 'Unique_KEY' and save it to safe place, without that we cannot help you. Send email to us: mongodb@8chan.co for decryption service." + ] + }, + "uuid": "2aa481fe-c254-11e8-ad1c-efee78419960" } ], - "version": 33 + "version": 34 }