From f87da7a3a65a74cc70f4936ebe507bb8ab4a369d Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Fri, 20 Apr 2018 10:13:52 +0200
Subject: [PATCH] add Xiaoba
---
 clusters/ransomware.json | 57 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 23673a2..1ada392 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -9549,6 +9549,63 @@
 ]
 },
 "uuid": "449e18b0-43d1-11e8-847e-0fed641732a1"
+ },
+ {
+ "value": "XiaoBa ransomware",
+ "meta": {
+ "refs": [
+ "https://www.bleepingcomputer.com/news/security/xiaoba-ransomware-retooled-as-coinminer-but-manages-to-ruin-your-files-anyway/",
+ "https://twitter.com/malwrhunterteam/status/923847744137154560",
+ "https://twitter.com/struppigel/status/926748937477939200",
+ "https://twitter.com/demonslay335/status/968552114787151873"
+ ],
+ "extensions": [
+ ".Encrypted[BaYuCheng@yeah.net].XiaBa",
+ ".XiaoBa1",
+ ".XiaoBa2",
+ ".XiaoBa3",
+ ".XiaoBa4",
+ ".XiaoBa5",
+ ".XiaoBa6",
+ ".XiaoBa7",
+ ".XiaoBa8",
+ ".XiaoBa9",
+ ".XiaoBa10",
+ ".XiaoBa11",
+ ".XiaoBa12",
+ ".XiaoBa13",
+ ".XiaoBa14",
+ ".XiaoBa15",
+ ".XiaoBa16",
+ ".XiaoBa17",
+ ".XiaoBa18",
+ ".XiaoBa19",
+ ".XiaoBa20",
+ ".XiaoBa21",
+ ".XiaoBa22",
+ ".XiaoBa23",
+ ".XiaoBa24",
+ ".XiaoBa25",
+ ".XiaoBa26",
+ ".XiaoBa27",
+ ".XiaoBa28",
+ ".XiaoBa29",
+ ".XiaoBa30",
+ ".XiaoBa31",
+ ".XiaoBa32",
+ ".XiaoBa33",
+ ".XiaoBa34"
+ ],
+ "ransomnotes":[
+ "https://pbs.twimg.com/media/DNIoIFuX4AAce7J.jpg",
+ "https://pbs.twimg.com/media/DNx5Of-X0AASVda.jpg",
+ "_@XiaoBa@_.bmp",
+ "_@Explanation@_.hta",
+ "_XiaoBa_Info_.hta",
+ "_XiaoBa_Info_.bmp"
+ ]
+ },
+ "uuid": "ef094aa6-4465-11e8-81ce-739cce28650b"
 }
 ],
 "source": "Various",
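Review bot: The first entry in `extensions`, `.Encrypted[BaYuCheng@yeah.net].XiaBa`, spells the family name without the "o" that every other extension and all four ransom-note filenames in this entry carry, so it may be a typo; if it is, extension-based matching built from this cluster would miss those files. Please confirm the spelling against the referenced reports and, if it is wrong, change the line to `".Encrypted[BaYuCheng@yeah.net].XiaoBa",`. The `ransomnotes` array also mixes two hosted screenshot URLs with four on-disk filenames, so a consumer that uses the field for filename matching has to filter the URLs out itself. As a style point, `"ransomnotes":[` is missing the space after the colon that `"refs": [` and `"extensions": [` use.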