diff --git a/clusters/ransomware.json b/clusters/ransomware.json index c2dcb57..6cf1827 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -13752,7 +13752,46 @@ ], "uuid": "42148074-196b-4f8c-b149-12163fc385fa", "value": "Wadhrama" + }, + { + "description": "Mespinoza ransomware is used at least since october 2018. First versions used the common extension \".locked\". SInce december 2019 a new version in open sourced and documented, this new version uses the \".pyza\" extension.", + "meta": { + "extensions": [ + ".pyza", + ".locked" + ], + "ransomnotes-filenames": [ + "RECOVER_YOUR_DATA.txt" + ], + "refs": [ + "https://www.cert.ssi.gouv.fr/cti/CERTFR-2020-CTI-002/", + "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-002.pdf" + ], + "synonyms": [ + "Pyza" + ] + }, + "uuid": "deed3c10-93b6-41b9-b150-f4dd1b665d87", + "value": "Mespinoza" + }, + { + "description": "A new ransomware called CoronaVirus has been distributed through a fake web site pretending to promote the system optimization software and utilities from WiseCleaner.\nWith the increasing fears and anxiety of the Coronavirus (COVID-19) outbreak, an attacker has started to build a campaign to distribute a malware cocktail consisting of the CoronaVirus Ransomware and the Kpot information-stealing Trojan.\nThis new ransomware was discovered by MalwareHunterTeam and after further digging into the source of the file, we have been able to determine how the threat actor plans on distributing the ransomware and possible clues suggesting that it may actually be a wiper.", + "meta": { + "ransomnotes-filenames": [ + "CoronaVirus.txt" + ], + "ransomnotes-refs": [ + "https://www.bleepstatic.com/images/news/ransomware/c/coronavirus-ransomware/ransom-note.jpg", + "https://www.bleepstatic.com/images/news/ransomware/c/coronavirus-ransomware/mbr-locker.jpg", + "https://www.bleepstatic.com/images/news/ransomware/c/coronavirus-ransomware/changed-mbrlocker-screen.jpg" + ], + "refs": [ + "https://www.bleepingcomputer.com/news/security/new-coronavirus-ransomware-acts-as-cover-for-kpot-infostealer/" + ] + }, + "uuid": "575b2b3c-d762-4ba6-acbd-51ecdb57249f", + "value": "CoronaVirus" } ], - "version": 83 + "version": 85 }