diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 23673a2e..0b4d2252 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -9549,12 +9549,69 @@
  ]
  },
  "uuid": "449e18b0-43d1-11e8-847e-0fed641732a1"
+ },
+ {
+ "value": "XiaoBa ransomware",
+ "meta": {
+ "refs": [
+ "https://www.bleepingcomputer.com/news/security/xiaoba-ransomware-retooled-as-coinminer-but-manages-to-ruin-your-files-anyway/",
+ "https://twitter.com/malwrhunterteam/status/923847744137154560",
+ "https://twitter.com/struppigel/status/926748937477939200",
+ "https://twitter.com/demonslay335/status/968552114787151873"
+ ],
+ "extensions": [
+ ".Encrypted[BaYuCheng@yeah.net].XiaBa",
+ ".XiaoBa1",
+ ".XiaoBa2",
+ ".XiaoBa3",
+ ".XiaoBa4",
+ ".XiaoBa5",
+ ".XiaoBa6",
+ ".XiaoBa7",
+ ".XiaoBa8",
+ ".XiaoBa9",
+ ".XiaoBa10",
+ ".XiaoBa11",
+ ".XiaoBa12",
+ ".XiaoBa13",
+ ".XiaoBa14",
+ ".XiaoBa15",
+ ".XiaoBa16",
+ ".XiaoBa17",
+ ".XiaoBa18",
+ ".XiaoBa19",
+ ".XiaoBa20",
+ ".XiaoBa21",
+ ".XiaoBa22",
+ ".XiaoBa23",
+ ".XiaoBa24",
+ ".XiaoBa25",
+ ".XiaoBa26",
+ ".XiaoBa27",
+ ".XiaoBa28",
+ ".XiaoBa29",
+ ".XiaoBa30",
+ ".XiaoBa31",
+ ".XiaoBa32",
+ ".XiaoBa33",
+ ".XiaoBa34"
+ ],
+ "ransomnotes": [
+ "https://pbs.twimg.com/media/DNIoIFuX4AAce7J.jpg",
+ "https://pbs.twimg.com/media/DNx5Of-X0AASVda.jpg",
+ "_@XiaoBa@_.bmp",
+ "_@Explanation@_.hta",
+ "_XiaoBa_Info_.hta",
+ "_XiaoBa_Info_.bmp"
+ ]
+ },
+ "uuid": "ef094aa6-4465-11e8-81ce-739cce28650b"
  }
  ],
  "source": "Various",
  "uuid": "10cf658b-5d32-4c4b-bb32-61760a640372",
  "name": "Ransomware",
- "version": 16,
+ "version": 17,
  "type": "ransomware",
  "description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar"
  }
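Review bot: The first entry in the new `extensions` array, `.Encrypted[BaYuCheng@yeah.net].XiaBa`, is spelled `XiaBa`, while the cluster `value` and the other 34 suffixes all use `XiaoBa`. Tooling that matches file suffixes against this list would miss affected files if that entry is one letter off, so it is worth checking against the referenced reports. If it is a typo, the line should read `".Encrypted[BaYuCheng@yeah.net].XiaoBa",`; if `XiaBa` is what appears on disk, keep it as is. Separately, `ransomnotes` mixes two screenshot URLs with four dropped-file names, so a consumer using it as a file-name indicator has to filter the URLs out first.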