MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2025-01-19 02:56:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

add Ragnarok Ransomware

Browse source
This commit is contained in:
rmkml 2020-08-02 20:13:30 +02:00
parent 590e292b68
commit eab9eaca8d
1 changed files with 34 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
clusters/malpedia.json
View file

@ -6,7 +6,8 @@
"Andrea Garavaglia", "Andrea Garavaglia",
"Andras Iklody", "Andras Iklody",
"Daniel Plohmann", "Daniel Plohmann",
"Christophe Vandeplas" "Christophe Vandeplas",
"Rmkml"
], ],
"category": "tool", "category": "tool",
"description": "Malware galaxy cluster based on Malpedia.", "description": "Malware galaxy cluster based on Malpedia.",
@ -18809,7 +18810,38 @@
}, },
"uuid": "237a1c2e-fb14-583d-ab2c-71f10a52ec06", "uuid": "237a1c2e-fb14-583d-ab2c-71f10a52ec06",
"value": "MedusaLocker" "value": "MedusaLocker"
},
{
"description": "Raccoon is a stealer and collects \"passwords, cookies and autofill from all popular browsers (including FireFox x64), CC data, system information, almost all existing desktop wallets of cryptocurrencies\".",
"meta": {
"refs": [
"https://malpedia.caad.fkie.fraunhofer.de/details/win.raccoon",
"https://www.secfreaks.gr/2019/12/in-depth-analysis-of-an-infostealer-raccoon.html",
"https://www.bitdefender.com/files/News/CaseStudies/study/289/Bitdefender-WhitePaper-Fallout.pdf",
"https://www.cybereason.com/blog/hunting-raccoon-stealer-the-new-masked-bandit-on-the-block"
],
"synonyms": [
"Racoon"
],
"type": []
},
"uuid": "10c03b2e-5e53-11ea-ac08-00163cdbc7b4",
"value": "Raccoon"
},
{
"description": "According to Bleeping Computer, the ransomware is used in targeted attacks against unpatched Citrix servers. It excludes Russian and Chinese targets using the system's Language ID for filtering. It also tries to disable Windows Defender and has a number of UNIX filepath references in its strings. Encryption method is AES using a dynamically generated key, then bundling this key up via RSA.",
"meta": {
"refs": [
"https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-targets-citrix-adc-disables-windows-defender/",
"https://news.sophos.com/en-us/2020/05/21/asnarok2/",
"https://github.com/k-vitali/Malware-Misc-RE/blob/master/2020-01-26-ragnarok-cfg-vk.notes.raw"
],
"synonyms": [],
"type": []
},
"uuid": "10c03b2f-5e52-01ea-bc08-00153cdbc7b3",
"value": "Ragnarok"
} }
], ],
"version": 2561 "version": 2563
} }