MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-26 16:57:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #569 from rmkml/master

Browse source 
add Ragnarok Ransomware
This commit is contained in:
Alexandre Dulaunoy 2020-08-05 10:39:52 +02:00 committed by GitHub
commit fef7cf4b4f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
clusters/malpedia.json
View file

@ -6,7 +6,8 @@
"Andrea Garavaglia",
"Andras Iklody",
"Daniel Plohmann",
"Christophe Vandeplas"
"Christophe Vandeplas",
"Rmkml"
],
"category": "tool",
"description": "Malware galaxy cluster based on Malpedia.",
@ -18826,7 +18827,21 @@
},
"uuid": "10c03b2e-5e53-11ea-ac08-00163cdbc7b4",
"value": "Raccoon"
},
{
"description": "According to Bleeping Computer, the ransomware is used in targeted attacks against unpatched Citrix servers. It excludes Russian and Chinese targets using the system's Language ID for filtering. It also tries to disable Windows Defender and has a number of UNIX filepath references in its strings. Encryption method is AES using a dynamically generated key, then bundling this key up via RSA.",
"meta": {
"refs": [
"https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-targets-citrix-adc-disables-windows-defender/",
"https://news.sophos.com/en-us/2020/05/21/asnarok2/",
"https://github.com/k-vitali/Malware-Misc-RE/blob/master/2020-01-26-ragnarok-cfg-vk.notes.raw"
],
"synonyms": [],
"type": []
},
"uuid": "10c03b2f-5e52-01ea-bc08-00153cdbc7b3",
"value": "Ragnarok"
}
],
"version": 2562
"version": 2563
}