add Rook Ransomware, Pandora Ranomsware, Astro Locker, Mount Locker, Ripprbot, Abcbot Cyclops Blink and Elknot

clusters/botnet.json

@@ -1245,7 +1245,53 @@
       },
       "uuid": "37c5d3ad-9057-4fcb-9fb3-4f7e5377a304",
       "value": "Glupteba"
+    },
+    {
+      "description": "DDoS Botnet",
+      "meta": {
+        "refs": [
+          "https://www.virusbulletin.com/conference/vb2016/abstracts/elknot-ddos-botnets-we-watched",
+          "https://www.virusbulletin.com/uploads/pdf/conference_slides/2016/Liu_Wang-vb-2016-TheElknotDDoSBotnetsWeWatched.pdf"
+        ],
+        "synonyms": [
+          "Linux/BillGates",
+          "BillGates"
+        ]
+      },
+      "uuid": "98392af9-d4a4-4e63-aded-f802a0fa6ef7",
+      "value": "Elknot"
+    },
+    {
+      "description": "Advanced modular botnet that is reportedly linked to the Sandworm or Voodoo Bear advanced persistent threat (APT) group.",
+      "meta": {
+        "refs": [
+          "https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers--.html",
+          "https://www.cisa.gov/uscert/ncas/alerts/aa22-054a"
+        ]
+      },
+      "uuid": "98392af9-d4a4-4e63-aded-f802a0fa6ef7",
+      "value": "Cyclops Blink"
+    },
+    {
+      "description": "Botnet",
+      "meta": {
+        "refs": [
+          "https://blog.netlab.360.com/abcbot_an_evolving_botnet_en"
+        ]
+      },
+      "uuid": "bcc60155-e824-4adb-a906-eec43c2d1ae8",
+      "value": "Abcbot"
+    },
+    {
+      "description": "Botnet",
+      "meta": {
+        "refs": [
+          "https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days"
+        ]
+      },
+      "uuid": "3e40c1af-51f5-4b02-b189-74567125c6e0",
+      "value": "Ripprbot"
     }
   ],
-  "version": 24
+  "version": 25
 }

clusters/ransomware.json

@@ -24419,7 +24419,51 @@
       ],
       "uuid": "e6c09b63-a424-4d9e-b7f7-b752cbbca02a",
       "value": "BlackCat"
+    },
+    {
+      "description": "Ransomware",
+      "meta": {
+        "refs": [
+          "https://www.cyclonis.com/mount-locker-ransomware-more-dangerous",
+          "https://www.bleepingcomputer.com/news/security/mount-locker-ransomware-joins-the-multi-million-dollar-ransom-game"
+        ]
+      },
+      "uuid": "1da28691-684a-4cd2-b2f8-e80a123e150c",
+      "value": "Mount Locker"
+    },
+    {
+      "description": "Ransomware",
+      "meta": {
+        "refs": [
+          "https://threatpost.com/mount-locker-ransomware-changes-tactics/165559/",
+          "https://news.sophos.com/en-us/2021/03/31/sophos-mtr-in-real-time-what-is-astro-locker-team/"
+        ]
+      },
+      "uuid": "1da28691-684a-4cd2-b2f8-e80a123e150c",
+      "value": "Astro Locker"
+    },
+    {
+      "description": "Ransomware ",
+      "meta": {
+        "refs": [
+          "https://twitter.com/malwrhunterteam/status/1501857263493001217",
+          "https://dissectingmalwa.re/blog/pandora"
+        ]
+      },
+      "uuid": "bb6d933f-7b6d-4694-853d-1ca400f6bd8f",
+      "value": "Pandora"
+    },
+    {
+      "description": "Ransomware",
+      "meta": {
+        "refs": [
+          "https://www.sentinelone.com/labs/new-rook-ransomware-feeds-off-the-code-of-babuk",
+          "https://twitter.com/techyteachme/status/1464317136944435209"
+        ]
+      },
+      "uuid": "bb6d933f-7b6d-4694-853d-1ca400f6bd8f",
+      "value": "Rook"
     }
   ],
-  "version": 100
+  "version": 101
 }