Merge pull request #528 from Delta-Sierra/master

Update Ransomware Galaxy
Alexandre Dulaunoy 2020-04-03 16:46:09 +02:00 committed by GitHub
commit b91547e911
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -13752,7 +13752,46 @@
], ],
"uuid": "42148074-196b-4f8c-b149-12163fc385fa", "uuid": "42148074-196b-4f8c-b149-12163fc385fa",
"value": "Wadhrama" "value": "Wadhrama"
},
{
"description": "Mespinoza ransomware is used at least since october 2018. First versions used the common extension \".locked\". SInce december 2019 a new version in open sourced and documented, this new version uses the \".pyza\" extension.",
"meta": {
"extensions": [
".pyza",
".locked"
],
"ransomnotes-filenames": [
"RECOVER_YOUR_DATA.txt"
],
"refs": [
"https://www.cert.ssi.gouv.fr/cti/CERTFR-2020-CTI-002/",
"https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-002.pdf"
],
"synonyms": [
"Pyza"
]
},
"uuid": "deed3c10-93b6-41b9-b150-f4dd1b665d87",
"value": "Mespinoza"
},
{
"description": "A new ransomware called CoronaVirus has been distributed through a fake web site pretending to promote the system optimization software and utilities from WiseCleaner.\nWith the increasing fears and anxiety of the Coronavirus (COVID-19) outbreak, an attacker has started to build a campaign to distribute a malware cocktail consisting of the CoronaVirus Ransomware and the Kpot information-stealing Trojan.\nThis new ransomware was discovered by MalwareHunterTeam and after further digging into the source of the file, we have been able to determine how the threat actor plans on distributing the ransomware and possible clues suggesting that it may actually be a wiper.",
"meta": {
"ransomnotes-filenames": [
"CoronaVirus.txt"
],
"ransomnotes-refs": [
"https://www.bleepstatic.com/images/news/ransomware/c/coronavirus-ransomware/ransom-note.jpg",
"https://www.bleepstatic.com/images/news/ransomware/c/coronavirus-ransomware/mbr-locker.jpg",
"https://www.bleepstatic.com/images/news/ransomware/c/coronavirus-ransomware/changed-mbrlocker-screen.jpg"
],
"refs": [
"https://www.bleepingcomputer.com/news/security/new-coronavirus-ransomware-acts-as-cover-for-kpot-infostealer/"
]
},
"uuid": "575b2b3c-d762-4ba6-acbd-51ecdb57249f",
"value": "CoronaVirus"
} }
], ],
"version": 83 "version": 85
} }
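Review bot: The new Mespinoza entry's description is garbled at `SInce december 2019 a new version in open sourced and documented`, so a reader cannot tell what is being said about the December 2019 version. Reword it against the CERT-FR report the entry cites, for example `Since December 2019 a new version has been observed and documented; it uses the ".pyza" extension.` if that is the intended meaning. The `.pyza` extension and the `Pyza` synonym are presumably matched literally by tools that consume this galaxy, so their spelling should be confirmed against the two `refs` before this is relied on for detection or triage. In the CoronaVirus entry the description keeps the source article's first-person wording (`we have been able to determine`), which reads as a finding of the galaxy maintainers; a neutral summary that attributes the possible-wiper assessment to the referenced article would be clearer.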