Remove duplicates

2017-07-26 14:57:14 +02:00 · 2017-07-26 14:57:14 +02:00 · 81d304345f
parent 282c3a8101
commit 81d304345f
2 changed files with 5 additions and 48 deletions
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@ -384,11 +384,11 @@
        "ransomnotes": [
          "https://3.bp.blogspot.com/-QuBYcLAKRPU/WLnE3Rn3MhI/AAAAAAAAEH4/WnC5Ke11j4MO7wmnfqBhtA-hpx6YN6TBgCLcB/s1600/note_2.png"
        ],
-        "encryption": "AES",
+        "encryption": "AES-256+RSA",
        "extensions": [
          ".locked"
        ],
-        "date": "March 2017"
+        "date": "February 2017"
      },
      "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.. Based on HiddenTear",
      "value": "FabSysCrypto Ransomware"
@ -712,20 +712,6 @@
      "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.. PAYING RANSOM IS USELESS, YOUR FILES WILL NOT BE FIXED. THE DAMAGE IS PERMENENT!!!!",
      "value": "AvastVirusinfo Ransomware"
    },
-    {
-      "meta": {
-        "refs": [
-          "https://id-ransomware.blogspot.co.il/2017/03/fabsyscrypto-ransomware.html"
-        ],
-        "ransomnotes": [
-          "https://3.bp.blogspot.com/-QuBYcLAKRPU/WLnE3Rn3MhI/AAAAAAAAEH4/WnC5Ke11j4MO7wmnfqBhtA-hpx6YN6TBgCLcB/s1600/note_2.png"
-        ],
-        "encryption": "AES-256+RSA",
-        "date": "February 2017"
-      },
-      "description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc..",
-      "value": "FabSysCrypto Ransomware"
-    },
    {
      "meta": {
        "refs": [
@ -1916,26 +1902,6 @@
      "description": "It’s directed to English speaking users, therefore is able to infect worldwide.  It is spread using email spam, fake updates, attachments and so on.  It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. This ransomware uses the known online library as a decoy. It poses as Netflix Code generator for Netflix login, but instead encrypts your files. The ransom is 100$ in Bitcoins.",
      "value": "Netflix Ransomware"
    },
-    {
-      "meta": {
-        "refs": [
-          "https://id-ransomware.blogspot.co.il/2017/01/cryptoshield-ransomware.html",
-          "https://www.bleepingcomputer.com/news/security/cryptomix-variant-named-cryptoshield-1-0-ransomware-distributed-by-exploit-kits/"
-        ],
-        "ransomnotes": [
-          "# RESTORING FILES #.txt",
-          "# RESTORING FILES #.html",
-          "https://2.bp.blogspot.com/-A-N9zQgZrhE/WJHAHzuitvI/AAAAAAAADhI/AHkLaL9blZgqQWc-sTevVRTxVRttbugoQCLcB/s1600/note-2.png"
-        ],
-        "encryption": "AES-256",
-        "extensions": [
-          ".CRYPTOSHIELD (The name is first changed using ROT-13, and after a new extension is added.)"
-        ],
-        "date": "January 2017"
-      },
-      "description": "It’s directed to English speaking users, therefore is able to infect worldwide.  It is spread using email spam, fake updates, attachments and so on.  It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. CryptoShield 1.0 is a ransomware from the CryptoMixfamily.",
-      "value": "CryptoShield 1.0 Ransomware"
-    },
    {
      "meta": {
        "synonyms": [
--- a/clusters/rat.json
+++ b/clusters/rat.json
@ -307,17 +307,6 @@
      "description": "jSpy is a Java RAT. ",
      "value": "jSpy"
    },
-    {
-      "meta": {
-        "refs": [
-          "http://lost-door.blogspot.lu/",
-          "http://blog.trendmicro.com/trendlabs-security-intelligence/lost-door-rat-accessible-customizable-attack-tool/",
-          "https://www.cyber.nj.gov/threat-profiles/trojan-variants/lost-door-rat"
-        ]
-      },
-      "description": "We recently came across a cyber attack that used a remote access Trojan (RAT) called Lost Door, a tool currently offered on social media sites. ",
-      "value": "Lost Door"
-    },
    {
      "meta": {
        "refs": [
@ -820,7 +809,9 @@
    {
      "meta": {
        "refs": [
-          "http://blog.trendmicro.com/trendlabs-security-intelligence/lost-door-rat-accessible-customizable-attack-tool/"
+          "http://lost-door.blogspot.lu/",
+          "http://blog.trendmicro.com/trendlabs-security-intelligence/lost-door-rat-accessible-customizable-attack-tool/",
+          "https://www.cyber.nj.gov/threat-profiles/trojan-variants/lost-door-rat"
        ]
      },
      "description": "Unlike most attack tools that one can only find in cybercriminal underground markets, Lost Door is very easy to obtain. It’s promoted on social media sites like YouTube and Facebook. Its maker, “OussamiO,” even has his own Facebook page where details on his creation can be found. He also has a dedicated blog (hxxp://lost-door[.]blogspot[.]com/) where tutorial videos and instructions on using the RAT is found. Any cybercriminal or threat actor can purchase and use the RAT to launch attacks.",