MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

update GandCrab

pull/166/head
Deborah Servili 2018-03-09 15:35:42 +01:00
parent ca7034a117
commit 2fc9fb86d2
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
clusters/ransomware.json
View File

@ -9241,11 +9241,18 @@
"date": "January 2018",
"refs": [
"https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-distributed-by-exploit-kits-appends-gdcb-extension/",
"https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-being-distributed-via-malspam-disguised-as-receipts/"
"https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-being-distributed-via-malspam-disguised-as-receipts/",
"https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-version-2-released-with-new-crab-extension-and-other-changes/"
],
"ransomnotes": [
"GDCB-DECRYPT.txt",
"---= GANDCRAB =---\n\nAttention!\nAll your files documents, photos, databases and other important files are encrypted and have the extension: .GDCB \nThe only method of recovering files is to purchase a private key. It is on our server and only we can recover your files.\nThe server with your key is in a closed network TOR. You can get there by the following ways:\n1. Download Tor browser - https://www.torproject.org/\n2. Install Tor browser\n3. Open Tor Browser\n4. Open link in tor browser:http://gdcbghvjyqy7jclk.onion/[id]\n5. Follow the instructions on this page\n\nIf Tor/Tor browser is locked in your country or you can not install it, open one of the following links in your regular browser:\n1. http://gdcbghvjyqy7jclk.onion.top/[id]\n2. http://gdcbghvjyqy7jclk.onion.casa/[id]\n3. http://gdcbghvjyqy7jclk.onion.guide/[id]\n4. http://gdcbghvjyqy7jclk.onion.rip/[id]\n5. http://gdcbghvjyqy7jclk.onion.plus/[id]\n\nOn our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.\n\nDANGEROUS!\nDo not try to modify files or use your own private key - this will result in the loss of your data forever!"
"CRAB-Decrypt.txt",
"---= GANDCRAB =---\n\nAttention!\nAll your files documents, photos, databases and other important files are encrypted and have the extension: .GDCB \nThe only method of recovering files is to purchase a private key. It is on our server and only we can recover your files.\nThe server with your key is in a closed network TOR. You can get there by the following ways:\n1. Download Tor browser - https://www.torproject.org/\n2. Install Tor browser\n3. Open Tor Browser\n4. Open link in tor browser:http://gdcbghvjyqy7jclk.onion/[id]\n5. Follow the instructions on this page\n\nIf Tor/Tor browser is locked in your country or you can not install it, open one of the following links in your regular browser:\n1. http://gdcbghvjyqy7jclk.onion.top/[id]\n2. http://gdcbghvjyqy7jclk.onion.casa/[id]\n3. http://gdcbghvjyqy7jclk.onion.guide/[id]\n4. http://gdcbghvjyqy7jclk.onion.rip/[id]\n5. http://gdcbghvjyqy7jclk.onion.plus/[id]\n\nOn our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.\n\nDANGEROUS!\nDo not try to modify files or use your own private key - this will result in the loss of your data forever!",
"---= GANDCRAB =---\nAttention!\nAll your files documents, photos, databases and other important files are encrypted and have the extension: .GDCB\nThe only method of recovering files is to purchase a private key. It is on our server and only we can recover your files.\nThe server with your key is in a closed network TOR. You can get there by the following ways:\n1. Download Tor browser - https://www.torproject.org/\n2. Install Tor browser\n3. Open Tor Browser\n4. Open link in tor browser: http://gdcbmuveqjsli57x.onion/[id]\n5. Follow the instructions on this page\nOn our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.\nIf you can't download TOR and use it, or in your country TOR blocked, read it:\n1. Visit https://tox.chat/download.html\n2. Download and install qTOX on your PC.\n3. Open it, click \"New Profile\" and create profile.\n4. Search our contact - 6C5AD4057E594E090E0C987B3089F74335DA75F04B7403E0575663C26134956917D193B195A5\n5. In message please write your ID and wait our answer: 6361f798c4ba3647\nDANGEROUS!\nDo not try to modify files or use your own private key - this will result in the loss of your data forever!"
],
"extensions" : [
".Crab",
".CRAB"
]
},
"uuid": "5920464b-e093-4fa0-a275-438dffef228f"