MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

add ShurL0ckr ransomware

pull/157/head
Deborah Servili 2018-02-20 11:19:55 +01:00
parent 42596842a8
commit 6147b89c4a
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
clusters/ransomware.json
View File

@ -8722,6 +8722,16 @@
"---= GANDCRAB =---\n\nAttention!\nAll your files documents, photos, databases and other important files are encrypted and have the extension: .GDCB \nThe only method of recovering files is to purchase a private key. It is on our server and only we can recover your files.\nThe server with your key is in a closed network TOR. You can get there by the following ways:\n1. Download Tor browser - https://www.torproject.org/\n2. Install Tor browser\n3. Open Tor Browser\n4. Open link in tor browser:http://gdcbghvjyqy7jclk.onion/[id]\n5. Follow the instructions on this page\n\nIf Tor/Tor browser is locked in your country or you can not install it, open one of the following links in your regular browser:\n1. http://gdcbghvjyqy7jclk.onion.top/[id]\n2. http://gdcbghvjyqy7jclk.onion.casa/[id]\n3. http://gdcbghvjyqy7jclk.onion.guide/[id]\n4. http://gdcbghvjyqy7jclk.onion.rip/[id]\n5. http://gdcbghvjyqy7jclk.onion.plus/[id]\n\nOn our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.\n\nDANGEROUS!\nDo not try to modify files or use your own private key - this will result in the loss of your data forever!"
]
}
},
{
"value": "ShurL0ckr",
"description": "Security researchers uncovered a new ransomware named ShurL0ckr (detected by Trend Micro as RANSOM_GOSHIFR.B) that reportedly bypasses detection mechanisms of cloud platforms. Like Cerber and Satan, ShurL0ckrs operators further monetize the ransomware by peddling it as a turnkey service to fellow cybercriminals, allowing them to earn additional income through a commission from each victim who pays the ransom.",
"meta": {
"refs": [
"https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/shurl0ckr-ransomware-as-a-service-peddled-on-dark-web-can-reportedly-bypass-cloud-applications"
],
"date": "Febuary 2018"
}
}
],
"source": "Various",