Merge pull request #379 from rmkml/master

Add BlackWorm Ransomware
2025-01-19 11:06:16 +00:00 · 2019-04-13 09:29:02 +02:00 · 2019-04-13 09:29:02 +02:00 · 903612178f
commit 903612178f
parent eaf8458f8e f94e138b27
3 changed files with 36 additions and 3 deletions
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@ -13074,7 +13074,19 @@
      },
      "uuid": "8cfa694c-2e6b-310a-728f-027d981870b2",
      "value": "GlobeImposter"
+    },
+    {
+      "description": "BlackWorm Ransomware is a malicious computer infection that encrypts your files, and then does everything it can to prevent you from restoring them. It needs you to pay $200 for the decryption key, but there is no guarantee that the people behind this infection would really issue the decryption tool for you.",
+      "meta": {
+        "payment-method": "Bitcoin",
+        "price": "200 $",
+        "refs": [
+          "https://spyware-techie.com/blackworm-ransomware-removal-guide"
+        ]
+      },
+      "uuid": "8cfa694a-2e5b-300a-727f-027d881870b2",
+      "value": "BlackWorm"
    }
  ],
-  "version": 55
+  "version": 56
 }
--- a/clusters/stealer.json
+++ b/clusters/stealer.json
@ -54,7 +54,18 @@
      },
      "uuid": "a646edab-5c6f-4a79-8a6c-153535259e16",
      "value": "AZORult"
+    },
+    {
+      "description": "Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.",
+      "meta": {
+        "date": "Dec 2018.",
+        "refs": [
+          "https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar"
+        ]
+      },
+      "uuid": "a646edaa-4c6f-3a79-7a6c-143535259e15",
+      "value": "Vidar"
    }
  ],
-  "version": 4
+  "version": 5
 }
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -7620,7 +7620,17 @@
      ],
      "uuid": "e1ca79eb-5629-4267-bb37-3992c7126ef4",
      "value": "EVILNUM"
+    },
+    {
+      "description": "Brushaloader also leverages a combination of VBScript and PowerShell to create a Remote Access Trojan (RAT) that allows persistent command execution on infected systems.",
+      "meta": {
+        "refs": [
+          "https://blog.talosintelligence.com/2019/02/combing-through-brushaloader.html"
+        ]
+      },
+      "uuid": "e1ca79ea-5628-4266-bb36-3892c7126ef4",
+      "value": "Brushaloader"
    }
  ],
-  "version": 115
+  "version": 116
 }