mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
Merge pull request #528 from Delta-Sierra/master
UPdate Ransomware Galaxy
This commit is contained in:
commit
b91547e911
1 changed files with 40 additions and 1 deletions
|
@ -13752,7 +13752,46 @@
|
|||
],
|
||||
"uuid": "42148074-196b-4f8c-b149-12163fc385fa",
|
||||
"value": "Wadhrama"
|
||||
},
|
||||
{
|
||||
"description": "Mespinoza ransomware is used at least since october 2018. First versions used the common extension \".locked\". SInce december 2019 a new version in open sourced and documented, this new version uses the \".pyza\" extension.",
|
||||
"meta": {
|
||||
"extensions": [
|
||||
".pyza",
|
||||
".locked"
|
||||
],
|
||||
"ransomnotes-filenames": [
|
||||
"RECOVER_YOUR_DATA.txt"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.cert.ssi.gouv.fr/cti/CERTFR-2020-CTI-002/",
|
||||
"https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-002.pdf"
|
||||
],
|
||||
"synonyms": [
|
||||
"Pyza"
|
||||
]
|
||||
},
|
||||
"uuid": "deed3c10-93b6-41b9-b150-f4dd1b665d87",
|
||||
"value": "Mespinoza"
|
||||
},
|
||||
{
|
||||
"description": "A new ransomware called CoronaVirus has been distributed through a fake web site pretending to promote the system optimization software and utilities from WiseCleaner.\nWith the increasing fears and anxiety of the Coronavirus (COVID-19) outbreak, an attacker has started to build a campaign to distribute a malware cocktail consisting of the CoronaVirus Ransomware and the Kpot information-stealing Trojan.\nThis new ransomware was discovered by MalwareHunterTeam and after further digging into the source of the file, we have been able to determine how the threat actor plans on distributing the ransomware and possible clues suggesting that it may actually be a wiper.",
|
||||
"meta": {
|
||||
"ransomnotes-filenames": [
|
||||
"CoronaVirus.txt"
|
||||
],
|
||||
"ransomnotes-refs": [
|
||||
"https://www.bleepstatic.com/images/news/ransomware/c/coronavirus-ransomware/ransom-note.jpg",
|
||||
"https://www.bleepstatic.com/images/news/ransomware/c/coronavirus-ransomware/mbr-locker.jpg",
|
||||
"https://www.bleepstatic.com/images/news/ransomware/c/coronavirus-ransomware/changed-mbrlocker-screen.jpg"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.bleepingcomputer.com/news/security/new-coronavirus-ransomware-acts-as-cover-for-kpot-infostealer/"
|
||||
]
|
||||
},
|
||||
"uuid": "575b2b3c-d762-4ba6-acbd-51ecdb57249f",
|
||||
"value": "CoronaVirus"
|
||||
}
|
||||
],
|
||||
"version": 83
|
||||
"version": 85
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue