MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #198 from Delta-Sierra/master 

add Xiaoba
pull/199/head
Deborah Servili 2018-04-20 10:37:35 +02:00 committed by GitHub
parent 9962254e82 f95f7b6057
commit 01b05f66aa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 58 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
clusters/ransomware.json
View File

@ -9549,12 +9549,69 @@
]
},
"uuid": "449e18b0-43d1-11e8-847e-0fed641732a1"
},
{
"value": "XiaoBa ransomware",
"meta": {
"refs": [
"https://www.bleepingcomputer.com/news/security/xiaoba-ransomware-retooled-as-coinminer-but-manages-to-ruin-your-files-anyway/",
"https://twitter.com/malwrhunterteam/status/923847744137154560",
"https://twitter.com/struppigel/status/926748937477939200",
"https://twitter.com/demonslay335/status/968552114787151873"
],
"extensions": [
".Encrypted[BaYuCheng@yeah.net].XiaBa",
".XiaoBa1",
".XiaoBa2",
".XiaoBa3",
".XiaoBa4",
".XiaoBa5",
".XiaoBa6",
".XiaoBa7",
".XiaoBa8",
".XiaoBa9",
".XiaoBa10",
".XiaoBa11",
".XiaoBa12",
".XiaoBa13",
".XiaoBa14",
".XiaoBa15",
".XiaoBa16",
".XiaoBa17",
".XiaoBa18",
".XiaoBa19",
".XiaoBa20",
".XiaoBa21",
".XiaoBa22",
".XiaoBa23",
".XiaoBa24",
".XiaoBa25",
".XiaoBa26",
".XiaoBa27",
".XiaoBa28",
".XiaoBa29",
".XiaoBa30",
".XiaoBa31",
".XiaoBa32",
".XiaoBa33",
".XiaoBa34"
],
"ransomnotes": [
"https://pbs.twimg.com/media/DNIoIFuX4AAce7J.jpg",
"https://pbs.twimg.com/media/DNx5Of-X0AASVda.jpg",
"_@XiaoBa@_.bmp",
"_@Explanation@_.hta",
"_XiaoBa_Info_.hta",
"_XiaoBa_Info_.bmp"
]
},
"uuid": "ef094aa6-4465-11e8-81ce-739cce28650b"
}
],
"source": "Various",
"uuid": "10cf658b-5d32-4c4b-bb32-61760a640372",
"name": "Ransomware",
"version": 16,
"version": 17,
"type": "ransomware",
"description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar"
}