mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-23 15:27:18 +00:00
Merge pull request #122 from Delta-Sierra/master
cryptomix - merge duplicates and update
This commit is contained in:
commit
b151b23ea0
1 changed files with 13 additions and 23 deletions
|
@ -5018,16 +5018,26 @@
|
||||||
".id_*_email_zeta@dr.com",
|
".id_*_email_zeta@dr.com",
|
||||||
".id_(ID_MACHINE)_email_anx@dr.com_.scl",
|
".id_(ID_MACHINE)_email_anx@dr.com_.scl",
|
||||||
".email[supl0@post.com]id[\\[[a-z0-9]{16}\\]].lesli",
|
".email[supl0@post.com]id[\\[[a-z0-9]{16}\\]].lesli",
|
||||||
"*filename*.email[*email*]_id[*id*].rdmk"
|
"*filename*.email[*email*]_id[*id*].rdmk",
|
||||||
|
".EMPTY",
|
||||||
|
".0000"
|
||||||
],
|
],
|
||||||
"ransomnotes": [
|
"ransomnotes": [
|
||||||
"HELP_YOUR_FILES.html (CryptXXX)",
|
"HELP_YOUR_FILES.html (CryptXXX)",
|
||||||
"HELP_YOUR_FILES.txt (CryptoWall 3.0, 4.0)",
|
"HELP_YOUR_FILES.txt (CryptoWall 3.0, 4.0)",
|
||||||
"INSTRUCTION RESTORE FILE.TXT"
|
"INSTRUCTION RESTORE FILE.TXT",
|
||||||
|
"# HELP_DECRYPT_YOUR_FILES #.TXT",
|
||||||
|
"_HELP_INSTRUCTION.TXT",
|
||||||
|
"C:\\ProgramData\\[random].exe",
|
||||||
|
"Hello!\n\nAttention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\nempty01@techmail.info\n\nempty02@yahooweb.co\n\nempty003@protonmail.com\n\nWe will help You as soon as possible!\n\nDECRYPT-ID-[id] number",
|
||||||
|
"Hello!\n\nAttention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\ny0000@tuta.io\n\ny0000@protonmail.com\n\ny0000z@yandex.com\n\ny0000s@yandex.com\n\nPlease send email to all email addresses! We will help You as soon as possible!\n\nDECRYPT-ID-[id]"
|
||||||
],
|
],
|
||||||
"refs": [
|
"refs": [
|
||||||
"http://www.nyxbone.com/malware/CryptoMix.html",
|
"http://www.nyxbone.com/malware/CryptoMix.html",
|
||||||
"https://www.cert.pl/en/news/single/technical-analysis-of-cryptomixcryptfile2-ransomware/"
|
"https://www.cert.pl/en/news/single/technical-analysis-of-cryptomixcryptfile2-ransomware/",
|
||||||
|
"https://twitter.com/JakubKroustek/status/804009831518572544",
|
||||||
|
"https://www.bleepingcomputer.com/news/security/new-empty-cryptomix-ransomware-variant-released/",
|
||||||
|
"https://www.bleepingcomputer.com/news/security/0000-cryptomix-ransomware-variant-released/"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -8326,26 +8336,6 @@
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"value": "Zeta",
|
|
||||||
"description": "Ransomware",
|
|
||||||
"meta": {
|
|
||||||
"synonyms": [
|
|
||||||
"CryptoMix"
|
|
||||||
],
|
|
||||||
"extensions": [
|
|
||||||
".code",
|
|
||||||
".scl",
|
|
||||||
".rmd"
|
|
||||||
],
|
|
||||||
"ransomnotes": [
|
|
||||||
"# HELP_DECRYPT_YOUR_FILES #.TXT"
|
|
||||||
],
|
|
||||||
"refs": [
|
|
||||||
"https://twitter.com/JakubKroustek/status/804009831518572544"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"value": "Zimbra",
|
"value": "Zimbra",
|
||||||
"description": "Ransomware mpritsken@priest.com",
|
"description": "Ransomware mpritsken@priest.com",
|
||||||
|
|
Loading…
Reference in a new issue