From a2035e58405d75c114bb66dc86c23213aef0dc02 Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Mon, 28 Aug 2017 11:14:27 +0200
Subject: [PATCH] add ransomwares

---
 clusters/ransomware.json | 72 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)

diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 772c65bd..e12d8195 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -8462,6 +8462,78 @@
           "http://blog.trendmicro.com/trendlabs-security-intelligence/analyzing-fileless-code-injecting-sorebrect-ransomware/"
         ]
       }
+    },
+    {
+      "value": "Cyron",
+      "description": "claims it detected \"Children Pornsites\" in your browser history",
+      "meta": {
+        "extensions": [
+          ".CYRON"
+        ],
+        "ransomnotes": [
+          "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2017/august/25/DHvA8CDWAAIR5er.jpg"
+        ],
+        "refs": [
+          "https://twitter.com/struppigel/status/899524853426008064"
+        ]
+      }
+    },
+    {
+      "value": "Kappa",
+      "description": "Made with OXAR builder; decryptable",
+      "meta": {
+        "extensions": [
+          ".OXR"
+        ],
+        "ransomnotes": [
+          "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2017/august/25/DHvDae7XoAE9usO[1].jpg"
+        ],
+        "refs": [
+          "https://twitter.com/struppigel/status/899528477824700416"
+        ]
+      }
+    },
+    {
+      "value": "Trojan Dz",
+      "description": "CyberSplitter variant",
+      "meta": {
+        "extensions": [
+          ".Isis"
+        ],
+        "ransomnotes": [
+          "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2017/august/25/DHvM552WsAAuDbi[1].jpg"
+        ],
+        "refs": [
+          "https://twitter.com/struppigel/status/899537940539478016"
+        ]
+      }
+    },
+    {
+      "value": "Xolzsec",
+      "description": "ransomware written by self proclaimed script kiddies that should really be considered trollware",
+      "meta": {
+        "extensions": [
+          ".xolzsec"
+        ],
+        "refs": [
+          "https://twitter.com/struppigel/status/899916577252028416"
+        ]
+      }
+    },
+    {
+      "value": "FlatChestWare",
+      "description": "HiddenTear variant; decryptable",
+      "meta": {
+        "extensions": [
+          ".flat"
+        ],
+        "ransomnotes": [
+          "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2017/august/25/DH5KChhXsAADOIu[1].jpg"
+        ],
+        "refs": [
+          "https://twitter.com/struppigel/status/900238572409823232"
+        ]
+      }
     }
   ],
   "source": "Various",