cryptomix - merge duplicates and update

2017-11-21 14:16:41 +01:00 · 2017-11-21 14:16:41 +01:00 · bd940d45ad
parent 6f79153169
commit bd940d45ad
1 changed files with 9 additions and 23 deletions
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@ -5018,16 +5018,22 @@
          ".id_*_email_zeta@dr.com",
          ".id_(ID_MACHINE)_email_anx@dr.com_.scl",
          ".email[supl0@post.com]id[\\[[a-z0-9]{16}\\]].lesli",
-          "*filename*.email[*email*]_id[*id*].rdmk"
+          "*filename*.email[*email*]_id[*id*].rdmk",
+          ".EMPTY",
+          ".0000"
        ],
        "ransomnotes": [
          "HELP_YOUR_FILES.html (CryptXXX)",
          "HELP_YOUR_FILES.txt (CryptoWall 3.0, 4.0)",
-          "INSTRUCTION RESTORE FILE.TXT"
+          "INSTRUCTION RESTORE FILE.TXT",
+          "# HELP_DECRYPT_YOUR_FILES #.TXT"
        ],
        "refs": [
          "http://www.nyxbone.com/malware/CryptoMix.html",
-          "https://www.cert.pl/en/news/single/technical-analysis-of-cryptomixcryptfile2-ransomware/"
+          "https://www.cert.pl/en/news/single/technical-analysis-of-cryptomixcryptfile2-ransomware/",
+          "https://twitter.com/JakubKroustek/status/804009831518572544",
+          "https://www.bleepingcomputer.com/news/security/new-empty-cryptomix-ransomware-variant-released/",
+          "https://www.bleepingcomputer.com/news/security/0000-cryptomix-ransomware-variant-released/"
        ]
      }
    },
@ -8326,26 +8332,6 @@
        ]
      }
    },
-    {
-      "value": "Zeta",
-      "description": "Ransomware",
-      "meta": {
-        "synonyms": [
-          "CryptoMix"
-        ],
-        "extensions": [
-          ".code",
-          ".scl",
-          ".rmd"
-        ],
-        "ransomnotes": [
-          "# HELP_DECRYPT_YOUR_FILES #.TXT"
-        ],
-        "refs": [
-          "https://twitter.com/JakubKroustek/status/804009831518572544"
-        ]
-      }
-    },
    {
      "value": "Zimbra",
      "description": "Ransomware mpritsken@priest.com",