Merge branch 'rmkml-master'

2025-02-17 01:06:22 +00:00 · 2019-11-22 22:41:29 +01:00 · 2019-11-22 22:41:29 +01:00 · e88b1e07ea
commit e88b1e07ea
parent 85ccbee574 2659d864d6
1 changed files with 15 additions and 1 deletions
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@ -13591,7 +13591,21 @@
      },
      "uuid": "0a0b9311-8cbc-4d97-b337-42c9a018ebe0",
      "value": "Cyborg Ransomware"
+    },
+    {
+      "description": "A targeted email campaign has been spotted distributing the JasperLoader to victims. While the JasperLoader was originally used to then install Gootkit, Certego has observed it now being used to infect victims with a new ransomware dubbed FTCODE. Using an invoice-themed email appearing to target Italian users, the attackers attempt to convince users to allow macros in a Word document. The macro is used to run PowerShell to retrieve additional PowerShell code.",
+      "meta": {
+        "payment-method": "Bitcoin",
+        "price": "0.06",
+        "refs": [
+          "https://www.certego.net/en/news/malware-tales-ftcode/",
+          "https://exchange.xforce.ibmcloud.com/collection/FTCODE-Ransomware-45dacdc2d5cf30722ced20b9d37988c2",
+          "https://malpedia.caad.fkie.fraunhofer.de/details/ps1.ftcode"
+        ]
+      },
+      "uuid": "7cea9946-1f4d-441a-4ebf-044d442454b6",
+      "value": "FTCode"
    }
  ],
-  "version": 73
+  "version": 74
 }