From cd5883377070d2c72bf2abc0e7fb7ca048af591c Mon Sep 17 00:00:00 2001
From: rmkml <rmkml@yahoo.fr>
Date: Wed, 15 May 2019 21:02:32 +0200
Subject: [PATCH] Add Phobos Ransomware

---
 clusters/ransomware.json | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index beef9af..7b6b8cd 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -13137,7 +13137,18 @@
       },
       "uuid": "8cfa554a-1e1b-328a-606f-026d771870b1",
       "value": "Cr1ptT0r"
+    },
+    {
+      "description": "Phobos exploits open or poorly secured RDP ports to sneak inside networks and execute a ransomware attack, encrypting files and demanding a ransom be paid in bitcoin for returning the files, which in this case are locked with a .phobos extension.",
+      "meta": {
+        "payment-method": "Bitcoin",
+        "refs": [
+          "https://www.zdnet.com/article/new-phobos-ransomware-exploits-weak-security-to-hit-targets-around-the-world/"
+        ]
+      },
+      "uuid": "6cfa554a-1e1b-327a-605f-025d761570b1",
+      "value": "Phobos"
     }
   ],
-  "version": 60
+  "version": 61
 }