mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-23 07:17:17 +00:00
Merge pull request #164 from Delta-Sierra/master
add RSAUtil and Coldroot
commit
e2eabc8cec
2 changed files with 40 additions and 0 deletions
|
@ -9290,6 +9290,35 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "361d7a90-2fde-4fc7-91ed-fdce26eb790f"
|
"uuid": "361d7a90-2fde-4fc7-91ed-fdce26eb790f"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "RSAUtil",
|
||||||
|
"description": "RSAUtil is distributed by the developer hacking into remote desktop services and uploading a package of files. This package contains a variety of tools, a config file that determines how the ransomware executes, and the ransomware itself.",
|
||||||
|
"uuid": "f80b0a42-21ef-11e8-8ac7-0317408794e2",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.securityweek.com/rsautil-ransomware-distributed-rdp-attacks",
|
||||||
|
"https://www.bleepingcomputer.com/news/security/rsautil-ransomware-helppme-india-com-installed-via-hacked-remote-desktop-services/",
|
||||||
|
"http://id-ransomware.blogspot.lu/2017/04/rsautil-ransomware.html",
|
||||||
|
"http://id-ransomware.blogspot.lu/2017/04/"
|
||||||
|
],
|
||||||
|
"ransomnotes": [
|
||||||
|
"How_return_files.txt",
|
||||||
|
"Image.jpg",
|
||||||
|
"Hello... :)\nFor instructions on how to recovery the files, write to me:\njonskuper578@india.com\njonskuper578@gmx.de\njonskuper578@protonmail.com\nIn the letter, indicate your personal ID (see the file format).\nIf you have not received an answer, write to me again.",
|
||||||
|
"WARNING!!!\nYour ID 83624883\nOUR FILES ARE DECRIPTED\nYour documents, photos, database, save games and other important data was encrypted.\nData recovery the necessary interpreter. To get the interpreter, should send an email to helppme@india.com or hepl1112@aol.com.\nIn a letter to include Your personal ID (see the beginning of this document).\nIn response to the letter You will receive the address of your Bitcoin wallet to which you want to perform the transfer.\nWhen money transfer is confirmed, You will receive the decrypter file for Your computer.\nAfter starting the programm-interpreter, all Your files will be restored.\nAttention! Do not attempt to remove a program or run the anti-virus tools.",
|
||||||
|
"Привет мой друг!\nВсе файлы на твоем ПК зашифрованы!\nМой email: helppme@india.com или\nhepl1112@aol.com",
|
||||||
|
"Hello my friend!\nAll files on your PC encryphted!\nmy email: helppme@india.com or\nhepl1112@aol.com",
|
||||||
|
"ПРЕДУПРЕЖДЕНИЕ!!!\nВаш ID 83624883\nOUR FILES ARE DECRIPTED\nЗашифрованы ваши документы, фотографии, база данных, сохранения игр и другие важные данные.\nВосстановить данные нужен интерпретатор. Для получения интерпретатора надо отправить email на helppme@india.com или hepl1112@aol.com.\nВ письме укажите Ваш личный ID (см. начало этого документа).\nВ ответ на письмо Вы получите адрес вашего биткойн-кошелька, на который Вы хотите сделать перевод.\nКогда денежный перевод будет подтвержден, вы получите файл-декриптер для Вашего компьютера.\nПосле запуска программы-интерпретатора все Ваши файлы будут восстановлены.\nВнимание! Не пытайтесь удалить программу или запустить антивирусные программы.",
|
||||||
|
"https://4.bp.blogspot.com/-6jE-GW6wCr8/WQY1L_uHsFI/AAAAAAAAE-A/3YR0bwwBJqgp8CsApZq4F_44JkMB0m2WwCLcB/s320/image-note.jpg",
|
||||||
|
"https://2.bp.blogspot.com/-T4lvnNISc_A/WQY1SI1r1mI/AAAAAAAAE-E/tH7p02nS2LUTvXmq66poiyM1RYhHc4HbwCLcB/s200/lock-note.jpg",
|
||||||
|
"Hello…\nFor instructions on how to recovery the files, write to me:\nvine77725@gmx.de\nvine77725@india.com\nvine77725@protonmail.com\nIn the letter, indicate your personal ID (see the file format).\nIf you have not received an answer, write to me again."
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"Vagger",
|
||||||
|
"DONTSLIP"
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"source": "Various",
|
"source": "Various",
|
||||||
|
|
|
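Review bot: the "ransomnotes" array of the new RSAUtil entry mixes three kinds of data in one list: note filenames ("How_return_files.txt", "Image.jpg"), the full note bodies, and two image URLs on blogspot ("https://4.bp.blogspot.com/.../image-note.jpg", "https://2.bp.blogspot.com/.../lock-note.jpg"). A consumer iterating the list to match note text on disk will pick up the URLs and filenames as if they were note contents; consider keeping only the note bodies here and moving the filenames and screenshot links out (into separate keys if the galaxy schema has them, otherwise under "refs"). Also, the fourth ref "http://id-ransomware.blogspot.lu/2017/04/" is a monthly archive index rather than a reference to this family; the specific post directly above it already covers it, so the archive link can be dropped. The contact addresses that analysts would actually pivot on (helppme@india.com, hepl1112@aol.com, the jonskuper578@ and vine77725@ mailboxes) only exist inside the free-text notes; if the intent is to make them searchable, listing them explicitly in the meta would be more useful than leaving them embedded in the note bodies.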
@ -2410,6 +2410,17 @@
|
||||||
"http://blog.jpcert.or.jp/.s/2018/03/malware-tscooki-7aa0.html"
|
"http://blog.jpcert.or.jp/.s/2018/03/malware-tscooki-7aa0.html"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Coldroot",
|
||||||
|
"description": "Coldroot, a remote access trojan (RAT), is still undetectable by most antivirus engines, despite being uploaded and freely available on GitHub for almost two years.\nThe RAT appears to have been created as a joke, \"to Play with Mac users,\" and \"give Mac it's rights in this [the RAT] field,\" but has since expanded to work all three major desktop operating systems — Linux, macOS, and Windows— according to a screenshot of its builder extracted from a promotional YouTube video.",
|
||||||
|
"uuid": "0a1b71bc-21f6-11e8-8f58-371613fbbd8a",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.bleepingcomputer.com/news/security/coldroot-rat-still-undetectable-despite-being-uploaded-on-github-two-years-ago/",
|
||||||
|
"https://github.com/xlinshan/Coldroot"
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
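Review bot: the Coldroot description is lifted verbatim from the BleepingComputer article and carries its time-relative claims ("is still undetectable by most antivirus engines", "for almost two years", "according to a screenshot of its builder extracted from a promotional YouTube video"), which will read as current fact long after they stop being true. Suggest anchoring the claim to the source, e.g. "At the time of the cited BleepingComputer report, Coldroot was not detected by most antivirus engines despite having been publicly available on GitHub for about two years", and stating the platform coverage (Linux, macOS, Windows) as a plain attribute rather than a quoted screenshot observation. Minor: the embedded quotes ('"to Play with Mac users,"' and '"give Mac it's rights in this [the RAT] field,"') are fine as attributed text, but the description currently never says who is being quoted; a short "according to its author" would make that clear.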