From 590e292b6893134645f0bcd8dd1b9bfbc3024b79 Mon Sep 17 00:00:00 2001
From: rmkml <rmkml@yahoo.fr>
Date: Sun, 23 Feb 2020 16:01:45 +0100
Subject: [PATCH] add MedusaLocker ransomware

---
 clusters/malpedia.json | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/clusters/malpedia.json b/clusters/malpedia.json
index 53d27c7..c4e4bfe 100644
--- a/clusters/malpedia.json
+++ b/clusters/malpedia.json
@@ -18797,7 +18797,19 @@
       },
       "uuid": "721e9af0-8a60-4b9e-9137-c23e86d75722",
       "value": "Zyklon"
+    },
+    {
+      "description": "A Windows ransomware that will run certain tasks to prepare the target system for the encryption of files. MedusaLocker avoids executable files, probably to avoid rendering the targeted system unusable for paying the ransom. It uses a combination of AES and RSA-2048, and reportedly appends extensions such as .encrypted, .bomber, .boroff, .breakingbad, .locker16, .newlock, .nlocker, and .skynet.",
+      "meta": {
+        "refs": [
+          "https://malpedia.caad.fkie.fraunhofer.de/details/win.medusalocker"
+        ],
+        "synonyms": [],
+        "type": []
+      },
+      "uuid": "237a1c2e-fb14-583d-ab2c-71f10a52ec06",
+      "value": "MedusaLocker"
     }
   ],
-  "version": 2560
+  "version": 2561
 }