From 289e41a35b99ca5be1a7c14865a90e92bb8a2726 Mon Sep 17 00:00:00 2001 From: Deborah Servili Date: Mon, 19 Feb 2018 15:58:47 +0100 Subject: [PATCH] add gandcrap ransomware + update references --- clusters/banker.json | 3 ++- clusters/ransomware.json | 11 +++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/clusters/banker.json b/clusters/banker.json index f12e8ca..f6c6300 100644 --- a/clusters/banker.json +++ b/clusters/banker.json @@ -165,7 +165,8 @@ "meta": { "refs": [ "https://www.proofpoint.com/us/threat-insight/post/panda-banker-new-banking-trojan-hits-the-market", - "https://cyberwtf.files.wordpress.com/2017/07/panda-whitepaper.pdf" + "https://cyberwtf.files.wordpress.com/2017/07/panda-whitepaper.pdf", + "https://www.proofpoint.com/us/threat-insight/post/zeus-panda-banking-trojan-targets-online-holiday-shoppers" ], "synonyms": [ "Zeus Panda" diff --git a/clusters/ransomware.json b/clusters/ransomware.json index cccc98b..a66196f 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -8707,6 +8707,17 @@ "https://objective-see.com/blog/blog_0x25.html" ] } + }, + { + "value": "GandCrab", + "description": "A new ransomware called GandCrab was released towards the end of last week that is currently being distributed via exploit kits. GandCrab has some interesting features not seen before in a ransomware, such as being the first to accept the DASH currency and the first to utilize the Namecoin powered .BIT tld. ", + "meta": { + "date": "January 2018", + "refs": [ + "https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-distributed-by-exploit-kits-appends-gdcb-extension/", + "https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-being-distributed-via-malspam-disguised-as-receipts/" + ] + } } ], "source": "Various",