From 7859c8dbd710d8bdb451044b85300f04dbdcae60 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Fri, 3 Apr 2020 16:19:45 +0200
Subject: [PATCH] Add coronavirus ransomware
---
 clusters/ransomware.json | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index f61e70a..6cf1827 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -13773,7 +13773,25 @@
 },
 "uuid": "deed3c10-93b6-41b9-b150-f4dd1b665d87",
 "value": "Mespinoza"
+ },
+ {
+ "description": "A new ransomware called CoronaVirus has been distributed through a fake web site pretending to promote the system optimization software and utilities from WiseCleaner.\nWith the increasing fears and anxiety of the Coronavirus (COVID-19) outbreak, an attacker has started to build a campaign to distribute a malware cocktail consisting of the CoronaVirus Ransomware and the Kpot information-stealing Trojan.\nThis new ransomware was discovered by MalwareHunterTeam and after further digging into the source of the file, we have been able to determine how the threat actor plans on distributing the ransomware and possible clues suggesting that it may actually be a wiper.",
+ "meta": {
+ "ransomnotes-filenames": [
+ "CoronaVirus.txt"
+ ],
+ "ransomnotes-refs": [
+ "https://www.bleepstatic.com/images/news/ransomware/c/coronavirus-ransomware/ransom-note.jpg",
+ "https://www.bleepstatic.com/images/news/ransomware/c/coronavirus-ransomware/mbr-locker.jpg",
+ "https://www.bleepstatic.com/images/news/ransomware/c/coronavirus-ransomware/changed-mbrlocker-screen.jpg"
+ ],
+ "refs": [
+ "https://www.bleepingcomputer.com/news/security/new-coronavirus-ransomware-acts-as-cover-for-kpot-infostealer/"
+ ]
+ },
+ "uuid": "575b2b3c-d762-4ba6-acbd-51ecdb57249f",
+ "value": "CoronaVirus"
 }
 ],
- "version": 84
+ "version": 85
 }
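Review bot: The added `description` appears to be copied from the article listed under `refs`, so its last sentence (`we have been able to determine how the threat actor plans on distributing the ransomware`) speaks in the article's voice rather than the galaxy's. I would reword it in the third person. The two facts a responder most needs are that the sample is delivered together with the Kpot stealer and that it may be a wiper, so paying would not restore data, and both exist only as free text. I would add a `related` entry pointing at the Kpot cluster (`"dest-uuid": "<KPOT-CLUSTER-UUID>"`, a placeholder to be looked up in the galaxy) so tooling that pivots on cluster relations can see the link. The three `ransomnotes-refs` are images hosted by a third party and may disappear; if the note text is known, storing it under `ransomnotes` would keep the indicator in the repository.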