MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-23 07:17:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

add Sigrun ransomware

Browse source
This commit is contained in:
Deborah Servili 2018-06-06 16:12:31 +02:00
parent 07f91bcca4
commit e2a25e165d
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
clusters/ransomware.json
View file

@ -9694,12 +9694,22 @@
]
},
"uuid": "39cb0268-528b-11e8-ac30-0fa44afdc8de"
},
{
"value": "Sigrun Ransomware",
"description": "When Sigrun is executed it will first check \"HKEY_CURRENT_USER\\Keyboard Layout\\Preload\" to see if it is set to the Russian layout. If the computer is using a Russian layout, it will not encrypt the computer and just delete itself. Otherwise Sigrun will scan a computer for files to encrypt and skip any that match certain extensions, filenames, or are located in particular folders. ",
"meta": {
"refs": [
"https://www.bleepingcomputer.com/news/security/sigrun-ransomware-author-decrypting-russian-victims-for-free/"
]
},
"uuid": "5a53eec2-6993-11e8-a4d5-67480005dcbd"
}
],
"source": "Various",
"uuid": "10cf658b-5d32-4c4b-bb32-61760a640372",
"name": "Ransomware",
"version": 21,
"version": 22,
"type": "ransomware",
"description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar"
}