mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
commit
fef7cf4b4f
1 changed files with 17 additions and 2 deletions
|
@ -6,7 +6,8 @@
|
||||||
"Andrea Garavaglia",
|
"Andrea Garavaglia",
|
||||||
"Andras Iklody",
|
"Andras Iklody",
|
||||||
"Daniel Plohmann",
|
"Daniel Plohmann",
|
||||||
"Christophe Vandeplas"
|
"Christophe Vandeplas",
|
||||||
|
"Rmkml"
|
||||||
],
|
],
|
||||||
"category": "tool",
|
"category": "tool",
|
||||||
"description": "Malware galaxy cluster based on Malpedia.",
|
"description": "Malware galaxy cluster based on Malpedia.",
|
||||||
|
@ -18826,7 +18827,21 @@
|
||||||
},
|
},
|
||||||
"uuid": "10c03b2e-5e53-11ea-ac08-00163cdbc7b4",
|
"uuid": "10c03b2e-5e53-11ea-ac08-00163cdbc7b4",
|
||||||
"value": "Raccoon"
|
"value": "Raccoon"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "According to Bleeping Computer, the ransomware is used in targeted attacks against unpatched Citrix servers. It excludes Russian and Chinese targets using the system's Language ID for filtering. It also tries to disable Windows Defender and has a number of UNIX filepath references in its strings. Encryption method is AES using a dynamically generated key, then bundling this key up via RSA.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-targets-citrix-adc-disables-windows-defender/",
|
||||||
|
"https://news.sophos.com/en-us/2020/05/21/asnarok2/",
|
||||||
|
"https://github.com/k-vitali/Malware-Misc-RE/blob/master/2020-01-26-ragnarok-cfg-vk.notes.raw"
|
||||||
|
],
|
||||||
|
"synonyms": [],
|
||||||
|
"type": []
|
||||||
|
},
|
||||||
|
"uuid": "10c03b2f-5e52-01ea-bc08-00153cdbc7b3",
|
||||||
|
"value": "Ragnarok"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 2562
|
"version": 2563
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue