From 77db2370b1b932a175133e5a4a171cd8644d60c0 Mon Sep 17 00:00:00 2001
From: Delta-Sierra <deborah.servili@gmail.com>
Date: Wed, 7 Sep 2022 11:00:41 +0200
Subject: [PATCH] Add Lockbit synonym

---
 clusters/ransomware.json | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 67a8ef0..b8f79d5 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -14331,6 +14331,10 @@
     {
       "description": "LockBit operators tend to be very indiscriminate and opportunistic in their targeting. Actors behind this attack will use a variety of methods to gain initial access, up to and including basic methods such as brute force.\nAfter gaining initial access the actor follows a fairly typical escalation, lateral movement and ransomware execution playbook. LockBit operators tend to have a very brief dwell time, executing the final ransomware payload as quickly as they are able to.  LockBit ransomware has the built-in lateral movement features; given adequate permissions throughout the targeted environment.",
       "meta": {
+        "extensions": [
+          ".abcd",
+          ".LockBit"
+        ],
         "ransomnotes-filenames": [
           "Restore-My-Files.txt"
         ],
@@ -14340,7 +14344,10 @@
         "refs": [
           "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/tales-from-the-trenches-a-lockbit-ransomware-story/",
           "https://usa.kaspersky.com/resource-center/threats/lockbit-ransomware"
-        ], "synonyms": ["ABCD ransomware"]
+        ],
+        "synonyms": [
+          "ABCD ransomware"
+        ]
       },
       "uuid": "8eda8bf1-db5a-412d-8511-45e2f7621d51",
       "value": "LockBit"