diff --git a/clusters/ransomware.json b/clusters/ransomware.json index 635b4b9..266896a 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -13574,13 +13574,14 @@ "value": "Maze" }, { - "value": "Cyborg Ransomware", "description": "Ransomware delivered using fake Windows Update spam", "meta": { "refs": [ "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/fake-windows-update-spam-leads-to-cyborg-ransomware-and-its-builder/" ] - } + }, + "uuid": "0a0b9311-8cbc-4d97-b337-42c9a018ebe0", + "value": "Cyborg Ransomware" } ], "version": 73 diff --git a/clusters/tool.json b/clusters/tool.json index 5da8749..b4b3be5 100644 --- a/clusters/tool.json +++ b/clusters/tool.json @@ -7878,14 +7878,15 @@ "value": "ShadowHammer" }, { - "value": "DePriMon", "description": "DePriMon is a malicious downloader, with several stages and using many non-traditional techniques. To achieve persistence, the malware registers a new local port monitor – a trick falling under the “Port Monitors” technique in the MITRE ATT&CK knowledgebase. For that, the malware uses the “Windows Default Print Monitor” name; that’s why we have named it DePriMon. Due to its complexity and modular architecture, we consider it to be a framework.", "meta": { "refs": [ "https://www.bleepingcomputer.com/news/security/deprimon-malware-registers-itself-as-a-windows-print-monitor/", "https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/" ] - } + }, + "uuid": "c76874cd-0d73-4cbf-8d39-a066900dd4ce", + "value": "DePriMon" } ], "version": 128