From f53a92065c55486f292144bf685e0421cb5ccd58 Mon Sep 17 00:00:00 2001
From: StefanKelm
Date: Thu, 16 Jan 2020 16:46:38 +0100
Subject: [PATCH 1/2] Update ransomware.json 5ss5c
---
 clusters/ransomware.json | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 0cfdb14c..c591c683 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -13619,7 +13619,22 @@
 },
 "uuid": "21b349c3-ede2-4e11-abda-1444eb272eff",
 "value": "Clop"
+ },
+ {
+ "description": "The cybercrime group that brought us Satan, DBGer and Lucky ransomware and perhaps Iron ransomware, has now come up with a new version or rebranding named 5ss5c. [...] It will however only encrypt files with the following extensions: 7z, bak, cer, csv, db, dbf, dmp, docx, eps, ldf, mdb, mdf, myd, myi, ora, pdf, pem, pfx, ppt, pptx, psd, rar, rtf, sql, tar, txt, vdi, vmdk, vmx, xls, xlsx, zip",
+ "ransomnotes-filenames": [
+ "_如何解密我的文件_.txt"
+ ],
+ "ransomnotes-refs": [
+ "https://1.bp.blogspot.com/-T0B4txHlNHs/Xh4-raVFVtI/AAAAAAAACTE/R-YoW8QHFLsuD140AF9vD-_rOifULExUgCLcBGAsYHQ/s1600/note.PNG"
+ ],
+ "refs": [
+ "https://bartblaze.blogspot.com/2020/01/satan-ransomware-rebrands-as-5ss5c.html"
+ ]
+ },
+ "uuid": "8ac9fc73-05db-4be8-8f46-33bbd6b3502b",
+ "value": "5ss5c Ransomware"
 }
 ],
- "version": 76
+ "version": 77
 }
From 027d94e68a44b556b335bd43c3360b2da2d53617 Mon Sep 17 00:00:00 2001
From: StefanKelm
Date: Thu, 16 Jan 2020 16:59:22 +0100
Subject: [PATCH 2/2] Update ransomware.json
---
 clusters/ransomware.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index c591c683..a5098b1d 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
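Review bot: In the hunk of patch 1/2, the link from 5ss5c to Satan, DBGer and Lucky exists only in the `description` prose, so tooling that correlates clusters by uuid will not connect the new entry to its predecessors. If the Satan entry is already present in this file, a `related` array on the new entry with that entry's uuid as `dest-uuid` would make the lineage machine-readable. The targeted file types are likewise only in prose and the description is elided with `[...]`; if the referenced write-up names the extension appended to encrypted files, recording it under `extensions` in the entry's metadata would give responders a field to match on.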
@@ -13622,6 +13622,7 @@
 },
 {
 "description": "The cybercrime group that brought us Satan, DBGer and Lucky ransomware and perhaps Iron ransomware, has now come up with a new version or rebranding named 5ss5c. [...] It will however only encrypt files with the following extensions: 7z, bak, cer, csv, db, dbf, dmp, docx, eps, ldf, mdb, mdf, myd, myi, ora, pdf, pem, pfx, ppt, pptx, psd, rar, rtf, sql, tar, txt, vdi, vmdk, vmx, xls, xlsx, zip",
+ "meta": {
 "ransomnotes-filenames": [
 "_如何解密我的文件_.txt"
 ],
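Review bot: The `"meta": {` line added here is what balances the `}` that patch 1/2 placed before `"uuid"`, so clusters/ransomware.json does not parse at the intermediate commit. Anything that checks out or bisects to 1/2 gets a file a strict JSON loader rejects, which presumably breaks loading of every cluster in it, not just this entry. Squashing the two patches into one commit, or running `jq . clusters/ransomware.json` before pushing, would avoid that. The hunk ends at the `],` after the ransom-note filename, so the rest of the entry lies outside it.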