From 9225666b920f04654ecd1351b723711d16edba11 Mon Sep 17 00:00:00 2001 From: Deborah Servili Date: Fri, 5 Oct 2018 11:09:45 +0200 Subject: [PATCH 1/3] add CoalaBot + Kraken Cryptor Ransmware + refs --- clusters/exploit-kit.json | 3 ++- clusters/tool.json | 11 ++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json index 78b25e02..9b7e91ad 100644 --- a/clusters/exploit-kit.json +++ b/clusters/exploit-kit.json @@ -45,7 +45,8 @@ "meta": { "refs": [ "https://www.nao-sec.org/2018/09/hello-fallout-exploit-kit.html", - "https://www.bleepingcomputer.com/news/security/new-fallout-exploit-kit-drops-gandcrab-ransomware-or-redirects-to-pups/" + "https://www.bleepingcomputer.com/news/security/new-fallout-exploit-kit-drops-gandcrab-ransomware-or-redirects-to-pups/", + "https://www.bleepingcomputer.com/news/security/fallout-exploit-kit-now-installing-the-kraken-cryptor-ransomware/" ], "status": "Active", "synonyms": [ diff --git a/clusters/tool.json b/clusters/tool.json index dccdb002..5f6c6f9e 100644 --- a/clusters/tool.json +++ b/clusters/tool.json @@ -5864,7 +5864,16 @@ ] }, "uuid": "8a2ae47a-c7b2-11e8-b223-ab4d8f78f3ef" + }, + { + "value": "CoalaBot", + "meta": { + "refs:": [ + "https://malware.dontneedcoffee.com/2017/10/coalabot-http-ddos-bot.html" + ] + }, + "uuid": "92628a72-c874-11e8-a094-ebbb3bd1f412" } ], - "version": 92 + "version": 93 } From 06c4869125affd971529b2b10a2d370178c199ef Mon Sep 17 00:00:00 2001 From: Deborah Servili Date: Fri, 5 Oct 2018 11:09:54 +0200 Subject: [PATCH 2/3] add CoalaBot + Kraken Cryptor Ransmware + refs --- clusters/ransomware.json | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/clusters/ransomware.json b/clusters/ransomware.json index 7a2a6d79..f69713d1 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -10583,7 +10583,18 @@ ] }, "uuid": "2aa481fe-c254-11e8-ad1c-efee78419960" + }, + { + "value": "Kraken Cryptor Ransomware", + "description": "The Kraken Cryptor Ransomware is a newer ransomware that was released in August 2018. A new version, called Kraken Cryptor 1.5, was recently released that is masquerading as the legitimate SuperAntiSpyware anti-malware program in order to trick users into installing it. ", + "meta":{ + "refs": [ + "https://www.bleepingcomputer.com/news/security/fallout-exploit-kit-now-installing-the-kraken-cryptor-ransomware/", + "https://www.bleepingcomputer.com/news/security/kraken-cryptor-ransomware-masquerading-as-superantispyware-security-program/" + ] + }, + "uuid": "c49f88f6-c87d-11e8-b005-d76e8162ced5" } ], - "version": 34 + "version": 35 } From 80bf2f55569b21916fa9295c3e4dd21a446f53ca Mon Sep 17 00:00:00 2001 From: Deborah Servili Date: Fri, 5 Oct 2018 12:04:13 +0200 Subject: [PATCH 3/3] jq --- clusters/ransomware.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/ransomware.json b/clusters/ransomware.json index f69713d1..74e7c39c 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -10587,7 +10587,7 @@ { "value": "Kraken Cryptor Ransomware", "description": "The Kraken Cryptor Ransomware is a newer ransomware that was released in August 2018. A new version, called Kraken Cryptor 1.5, was recently released that is masquerading as the legitimate SuperAntiSpyware anti-malware program in order to trick users into installing it. ", - "meta":{ + "meta": { "refs": [ "https://www.bleepingcomputer.com/news/security/fallout-exploit-kit-now-installing-the-kraken-cryptor-ransomware/", "https://www.bleepingcomputer.com/news/security/kraken-cryptor-ransomware-masquerading-as-superantispyware-security-program/"