mirror of https://github.com/MISP/misp-galaxy
add ransomwares
parent
c81f128d98
commit
6382857ee3
|
@ -10014,7 +10014,8 @@
|
||||||
".qweuirtksd",
|
".qweuirtksd",
|
||||||
".mammon",
|
".mammon",
|
||||||
".omerta",
|
".omerta",
|
||||||
".bomber"
|
".bomber",
|
||||||
|
".CRYPTO"
|
||||||
],
|
],
|
||||||
"ransomnotes": [
|
"ransomnotes": [
|
||||||
"IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.TXT",
|
"IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.TXT",
|
||||||
|
@ -10026,7 +10027,9 @@
|
||||||
"!!!ReadMeToDecrypt.txt",
|
"!!!ReadMeToDecrypt.txt",
|
||||||
"Attention, all your files are encrypted with the AES cbc-128 algorithm!\n\n It's not a virus like WannaCry and others, I hacked your computer,\nThe encryption key and bitcoin wallet are unique to your computer,\nso you are guaranteed to be able to return your files.\n \nBut before you pay, you can make sure that I can really decrypt any of your files.\n\n To do this, send me several encrypted files to kathi.bell.1997@outlook.com, a maximum of 5 megabytes each, I will decrypt them\nand I will send you back. No more than 5 files. Do not forget to send in the letter bitcoin address 1Ne5yGtfycobLgXZn5WSN5jmGbVRyTUf48 from this file.\n \nAfter that, pay the decryption in the amount of 500$ to the bitcoin address: 1Ne5yGtfycobLgXZn5WSN5jmGbVRyTUf48\nAfter payment, send me a letter to kathi.bell.1997@outlook.com with payment notification.\nOnce payment is confirmed, I will send you a decryption program.\n \nYou can pay bitcoins online in many ways:\nhttps://buy.blockexplorer.com/ - payment by bank card\nhttps://www.buybitcoinworldwide.com/\nhttps://localbitcoins.net\n \nAbout Bitcoins:\nhttps://en.wikipedia.org/wiki/Bitcoin\n\n If you have any questions, write to me at kathi.bell.1997@outlook.com\n\n As a bonus, I will tell you how hacked your computer is and how to protect it in the future.",
|
"Attention, all your files are encrypted with the AES cbc-128 algorithm!\n\n It's not a virus like WannaCry and others, I hacked your computer,\nThe encryption key and bitcoin wallet are unique to your computer,\nso you are guaranteed to be able to return your files.\n \nBut before you pay, you can make sure that I can really decrypt any of your files.\n\n To do this, send me several encrypted files to kathi.bell.1997@outlook.com, a maximum of 5 megabytes each, I will decrypt them\nand I will send you back. No more than 5 files. Do not forget to send in the letter bitcoin address 1Ne5yGtfycobLgXZn5WSN5jmGbVRyTUf48 from this file.\n \nAfter that, pay the decryption in the amount of 500$ to the bitcoin address: 1Ne5yGtfycobLgXZn5WSN5jmGbVRyTUf48\nAfter payment, send me a letter to kathi.bell.1997@outlook.com with payment notification.\nOnce payment is confirmed, I will send you a decryption program.\n \nYou can pay bitcoins online in many ways:\nhttps://buy.blockexplorer.com/ - payment by bank card\nhttps://www.buybitcoinworldwide.com/\nhttps://localbitcoins.net\n \nAbout Bitcoins:\nhttps://en.wikipedia.org/wiki/Bitcoin\n\n If you have any questions, write to me at kathi.bell.1997@outlook.com\n\n As a bonus, I will tell you how hacked your computer is and how to protect it in the future.",
|
||||||
"Attention, all your files are encrypted with the AES cbc-128 algorithm!\n \nIt's not a virus like WannaCry and others, I hacked your computer,\nThe encryption key and bitcoin wallet are unique to your computer,\nso you are guaranteed to be able to return your files.\n \nBut before you pay, you can make sure that I can really decrypt any of your files.\n \nTo do this, send me several encrypted files to cyrill.fedor0v@yandex.com, a maximum of 5 megabytes each, I will decrypt them\nand I will send you back. No more than 5 files. Do not forget to send in the letter bitcoin address 1BhHZxek7iUTm1mdrgax6yVrPzViqLhr9u from this file.\n \nAfter that, pay the decryption in the amount of 500$ to the bitcoin address: 1BhHZxek7iUTm1mdrgax6yVrPzViqLhr9u\nAfter payment, send me a letter to cyrill.fedor0v@yandex.com with payment notification.\nOnce payment is confirmed, I will send you a decryption program.\n \nYou can pay bitcoins online in many ways:\nhttps://buy.blockexplorer.com/ - payment by bank card\nhttps://www.buybitcoinworldwide.com/\nhttps://localbitcoins.net\n \nAbout Bitcoins:\nhttps://en.wikipedia.org/wiki/Bitcoin\n\n If you have any questions, write to me at cyrill.fedor0v@yandex.com\n \nAs a bonus, I will tell you how hacked your computer is and how to protect it in the future.",
|
"Attention, all your files are encrypted with the AES cbc-128 algorithm!\n \nIt's not a virus like WannaCry and others, I hacked your computer,\nThe encryption key and bitcoin wallet are unique to your computer,\nso you are guaranteed to be able to return your files.\n \nBut before you pay, you can make sure that I can really decrypt any of your files.\n \nTo do this, send me several encrypted files to cyrill.fedor0v@yandex.com, a maximum of 5 megabytes each, I will decrypt them\nand I will send you back. No more than 5 files. Do not forget to send in the letter bitcoin address 1BhHZxek7iUTm1mdrgax6yVrPzViqLhr9u from this file.\n \nAfter that, pay the decryption in the amount of 500$ to the bitcoin address: 1BhHZxek7iUTm1mdrgax6yVrPzViqLhr9u\nAfter payment, send me a letter to cyrill.fedor0v@yandex.com with payment notification.\nOnce payment is confirmed, I will send you a decryption program.\n \nYou can pay bitcoins online in many ways:\nhttps://buy.blockexplorer.com/ - payment by bank card\nhttps://www.buybitcoinworldwide.com/\nhttps://localbitcoins.net\n \nAbout Bitcoins:\nhttps://en.wikipedia.org/wiki/Bitcoin\n\n If you have any questions, write to me at cyrill.fedor0v@yandex.com\n \nAs a bonus, I will tell you how hacked your computer is and how to protect it in the future.",
|
||||||
"https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/september/14/Scarab-ransomware.jpg"
|
"https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/september/14/Scarab-ransomware.jpg",
|
||||||
|
"HOW TO RECOVER ENCRYPTED FILES.TXT",
|
||||||
|
"https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/november/23/DsnFZrGX4AE2H1c[1].jpg"
|
||||||
],
|
],
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.bleepingcomputer.com/news/security/scarab-ransomware-pushed-via-massive-spam-campaign/",
|
"https://www.bleepingcomputer.com/news/security/scarab-ransomware-pushed-via-massive-spam-campaign/",
|
||||||
|
@ -10860,14 +10863,16 @@
|
||||||
"extensions": [
|
"extensions": [
|
||||||
".[everbe@airmail.cc].everbe",
|
".[everbe@airmail.cc].everbe",
|
||||||
".embrace",
|
".embrace",
|
||||||
"pain"
|
"pain",
|
||||||
|
".[yoursalvations@protonmail.ch].neverdies@tutanota.com"
|
||||||
],
|
],
|
||||||
"ransomnotes": [
|
"ransomnotes": [
|
||||||
"!=How_recovery_files=!.txt",
|
"https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/november/23/DsoIB_0U0AAXgEz[1].jpg"
|
||||||
"Hi !\nIf you want restore your files write on email - everbe@airmail.cc\nIn the subject write - id-de9bcb"
|
|
||||||
],
|
],
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.bleepingcomputer.com/news/security/decryptor-released-for-the-everbe-ransomware/"
|
"https://www.bleepingcomputer.com/news/security/decryptor-released-for-the-everbe-ransomware/",
|
||||||
|
"https://twitter.com/malwrhunterteam/status/1065675918000234497",
|
||||||
|
"https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "9d09ac4a-73a0-11e8-b71c-63b86eedf9a2",
|
"uuid": "9d09ac4a-73a0-11e8-b71c-63b86eedf9a2",
|
||||||
|
@ -10973,6 +10978,24 @@
|
||||||
"value": "KEYPASS"
|
"value": "KEYPASS"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
"description": "Emmanuel_ADC-Soft found a new STOP Ransomware variant that appends the .INFOWAIT extension and drops a ransom note named !readme.txt.",
|
||||||
|
"meta": {
|
||||||
|
"extensions": [
|
||||||
|
".INFOWAIT",
|
||||||
|
"-DATASTOP",
|
||||||
|
".PUMA"
|
||||||
|
],
|
||||||
|
"ransomnotes": [
|
||||||
|
"https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/november/23/DsW33OQXgAAwJzv[1].jpg",
|
||||||
|
"!readme.txt",
|
||||||
|
"https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/november/23/DsobVENXcAAR3GC[1].jpg"
|
||||||
|
],
|
||||||
|
"refs": [
|
||||||
|
"https://twitter.com/Emm_ADC_Soft/status/1064459080016760833",
|
||||||
|
"https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/",
|
||||||
|
"https://twitter.com/MarceloRivero/status/1065694365056679936"
|
||||||
|
]
|
||||||
|
},
|
||||||
"uuid": "c76c4d24-9f99-11e8-808d-a7f1c66a53c5",
|
"uuid": "c76c4d24-9f99-11e8-808d-a7f1c66a53c5",
|
||||||
"value": "STOP Ransomware"
|
"value": "STOP Ransomware"
|
||||||
},
|
},
|
||||||
|
@ -11407,12 +11430,21 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"meta": {
|
"meta": {
|
||||||
|
"extensions": [
|
||||||
|
".demonslay335_you_cannot_decrypt_me!",
|
||||||
|
".malwarehunterteam"
|
||||||
|
],
|
||||||
"ransomnotes": [
|
"ransomnotes": [
|
||||||
"https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/november/23/DsiUA0LXgAAoqkd[1].jpg"
|
"https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/november/23/DsiUA0LXgAAoqkd[1].jpg",
|
||||||
|
"https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/november/23/DsuMFrZW0AIIUXs[1].jpg"
|
||||||
],
|
],
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://twitter.com/petrovic082/status/1065223932637315074",
|
"https://twitter.com/petrovic082/status/1065223932637315074",
|
||||||
"https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/"
|
"https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/",
|
||||||
|
"https://twitter.com/demonslay335/status/1066099799705960448"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"DelphiMorix"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "7f82fb04-1bd2-40a1-9baa-895b53c6f7d4",
|
"uuid": "7f82fb04-1bd2-40a1-9baa-895b53c6f7d4",
|
||||||
|
|
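Review bot: In the Everbe entry (hunk `-10860,14 +10863,16`) the new `ransomnotes` array appears to hold only the bleepstatic image URL, because the existing note filename `"!=How_recovery_files=!.txt"` and the note text starting `"Hi !\nIf you want restore your files write on email - everbe@airmail.cc` have no counterpart on the new side, which matches the hunk's 14-to-16 line count. Those two strings are what a consumer matches on disk or in mail, and an image link cannot stand in for them, so unless the removal is deliberate the URL should be appended after them instead of replacing them. In the same hunk `"pain"` keeps no leading dot while every sibling extension has one, and in the STOP entry `"-DATASTOP"` begins with a hyphen. Both look like typos and are worth confirming against the referenced reports, since an extension that does not match the on-disk suffix silently fails to detect anything.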