From 9004c387c03baead15388487b9f690aaa9ce1746 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Fri, 23 Aug 2024 09:12:26 +0200
Subject: [PATCH 1/3] chg: [ransomware] update the description of ransomware galaxy which is now fully maintained by MISP project
---
 clusters/ransomware.json | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index b75a5cc..fd58993 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -3,10 +3,11 @@
 "https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml",
 "http://pastebin.com/raw/GHgpWjar",
 "MISP Project",
- "https://id-ransomware.blogspot.com/2016/07/ransomware-list.html"
+ "https://id-ransomware.blogspot.com/2016/07/ransomware-list.html",
+ "ransomlook.io"
 ],
 "category": "tool",
- "description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar",
+ "description": "Ransomware galaxy based on different sources and maintained by the MISP Project.",
 "name": "Ransomware",
 "source": "Various",
 "type": "ransomware",
From 933365fb42192b7cb46c40b905443c8b8732aeff Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Fri, 23 Aug 2024 09:16:08 +0200
Subject: [PATCH 2/3] chg: [ransomware] updated
---
 README.md | 4 ++--
 clusters/ransomware.json | 40 +++++++++++++++++++++++++++++++++++-----
 2 files changed, 37 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 336517e..6e545b2 100644
--- a/README.md
+++ b/README.md
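Review bot: In the `authors` hunk of PATCH 1/3, the new entry `"ransomlook.io"` is a bare hostname, while the other source entries in the array are full URLs and the `refs` values in the later patches use `https://www.ransomlook.io/...`. Since the rewritten `description` no longer names any source, `authors` is now the only provenance record in the header and is worth keeping unambiguous; I would write the entry as `"https://www.ransomlook.io"`. The array opens above the first line of the hunk, so any convention set there is not visible here.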
@@ -485,9 +485,9 @@ Category: *actor* - source: *MISP Project* - total: *33* elements
 ## Ransomware
-[Ransomware](https://www.misp-galaxy.org/ransomware) - Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar
+[Ransomware](https://www.misp-galaxy.org/ransomware) - Ransomware galaxy based on different sources and maintained by the MISP Project.
-Category: *tool* - source: *Various* - total: *1799* elements
+Category: *tool* - source: *Various* - total: *1801* elements
 [[HTML](https://www.misp-galaxy.org/ransomware)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/ransomware.json)]
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index fd58993..1145615 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -28152,7 +28152,8 @@
 "http://3slz4povugieoi3tw7sblxoowxhbzxeju427cffsst5fo2tizepwatid.onion",
 "http://h3reihqb2y7woqdary2g3bmk3apgtxuyhx4j2ftovbhe3l5svev7bdyd.onion",
 "http://h3reihqb2y7woqdary2g3bmk3apgtxuyhx4j2ftovbhe3l5svev7bdyd.onion/stm.html",
- "http://pdcizqzjitsgfcgqeyhuee5u6uki6zy5slzioinlhx6xjnsw25irdgqd.onion"
+ "http://pdcizqzjitsgfcgqeyhuee5u6uki6zy5slzioinlhx6xjnsw25irdgqd.onion",
+ "http://6sf5xa7eso3e3vk46i5tpcqhnlayczztj7zjktzaztlotyy75zs6j7qd.onion"
 ],
 "refs": [
 "https://www.ransomlook.io/group/stormous"
@@ -28415,7 +28416,8 @@
 "meta": {
 "links": [
 "https://hunters55rdxciehoqzwv7vgyv6nt37tbwax2reroyzxhou7my5ejyid.onion",
- "https://hunters33mmcwww7ek7q5ndahul6nmzmrsumfs6aenicbqon6mxfiqyd.onion/login"
+ "https://hunters33mmcwww7ek7q5ndahul6nmzmrsumfs6aenicbqon6mxfiqyd.onion/login",
+ "https://huntersinternational.net"
 ],
 "refs": [
 "https://www.ransomlook.io/group/hunters"
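Review bot: The clearnet entry `"https://huntersinternational.net"` added to `links` in the `@@ -28415` hunk sits in the same array as the onion addresses, with nothing to mark it as a registered domain or to say when it was observed. The same applies to the four domains added for dispossessor in the `@@ -29473` hunk and to `"http://radar.ltd"` in the `@@ -29596` hunk. An onion address is bound to a key, but a registered domain can lapse, be seized or be re-registered by an unrelated party, so any consumer that derives blocklists or detections from `meta.links` may end up flagging infrastructure that is no longer the group's. I would record the observation date for these domains (in the commit message or a dated `refs` entry) and state in the galaxy `description` that `links` is a reference list and not a vetted indicator feed.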
@@ -29473,7 +29475,11 @@
 "links": [
 "http://e27z5kd2rjsern2gpgukhcioysqlfquxgf7rxpvcwepxl4lfc736piyd.onion",
 "http://cybertube.video/web/index.html#!/details?id=0c3b52f6e73709725dc6e12b30b139d9&serverId=2be5e68176ff4f8fbb930fe66321ab72",
- "http://e27z5kd2rjsern2gpgukhcioysqlfquxgf7rxpvcwepxl4lfc736piyd.onion/back/getallblogs"
+ "http://e27z5kd2rjsern2gpgukhcioysqlfquxgf7rxpvcwepxl4lfc736piyd.onion/back/getallblogs",
+ "http://dispossessor.com",
+ "http://dispossessor-cloud.com",
+ "http://cybernewsint.com",
+ "http://redhotcypher.com"
 ],
 "refs": [
 "https://www.ransomlook.io/group/dispossessor"
@@ -29596,7 +29602,31 @@
 },
 "uuid": "5cc68850-aeb0-507f-a981-9457bcf37c0c",
 "value": "rtm locker"
+ },
+ {
+ "value": "radar",
+ "meta": {
+ "links": [
+ "http://radar.ltd"
+ ],
+ "refs": [
+ "https://www.ransomlook.io/group/radar"
+ ]
+ },
+ "uuid": "0b0e39f8-1a22-58da-98ea-96f4819a68fa"
+ },
+ {
+ "value": "helldown",
+ "meta": {
+ "links": [
+ "http://onyxcgfg4pjevvp5h34zvhaj45kbft3dg5r33j5vu3nyp7xic3vrzvad.onion/"
+ ],
+ "refs": [
+ "https://www.ransomlook.io/group/helldown"
+ ]
+ },
+ "uuid": "1fe17577-91bb-581b-8189-c61f05cf35aa"
 }
 ],
- "version": 130
-}
+ "version": 131
+}
\ No newline at end of file
From 50b3fe1b73b64391867225f07c161fecab2edf9f Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Fri, 23 Aug 2024 09:17:52 +0200
Subject: [PATCH 3/3] chg: [ransomware] jq all the things
---
 clusters/ransomware.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 1145615..602c7a3 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -29604,7 +29604,6 @@
 "value": "rtm locker"
 },
 {
- "value": "radar",
 "meta": {
 "links": [
 "http://radar.ltd"
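Review bot: The two clusters added in the `@@ -29596` hunk of PATCH 2/3, `radar` and `helldown`, carry only `links` and `refs`, with no `description`. An analyst who tags an event with one of them gets a name and a leak-site address but nothing to check the attribution against. I would add a one-line `description` to each entry, for example `"description": "<short summary taken from the cited ransomlook.io group page>"`. Neighbouring entries lie mostly outside the hunk, so if this minimal shape is the convention for ransomlook-sourced clusters, a sentence saying so in the galaxy header would serve the same purpose.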
@@ -29613,10 +29612,10 @@
 "https://www.ransomlook.io/group/radar"
 ]
 },
- "uuid": "0b0e39f8-1a22-58da-98ea-96f4819a68fa"
+ "uuid": "0b0e39f8-1a22-58da-98ea-96f4819a68fa",
+ "value": "radar"
 },
 {
- "value": "helldown",
 "meta": {
 "links": [
 "http://onyxcgfg4pjevvp5h34zvhaj45kbft3dg5r33j5vu3nyp7xic3vrzvad.onion/"
@@ -29625,8 +29624,9 @@
 "https://www.ransomlook.io/group/helldown"
 ]
 },
- "uuid": "1fe17577-91bb-581b-8189-c61f05cf35aa"
+ "uuid": "1fe17577-91bb-581b-8189-c61f05cf35aa",
+ "value": "helldown"
 }
 ],
 "version": 131
-}
\ No newline at end of file
+}