add some clusters

2018-06-13 10:39:11 +02:00 · 2018-06-13 10:39:11 +02:00 · c17a2aa7cc
parent 508bb081c8
commit c17a2aa7cc
2 changed files with 40 additions and 0 deletions
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@ -9713,6 +9713,36 @@
        ]
      },
      "uuid": "5a53eec2-6993-11e8-a4d5-67480005dcbd"
+    },
+    {
+      "value": "CryBrazil",
+      "description": "Mostly Hidden Tear with some codes from Eda2 & seems compiled w/ Italian VS. Maybe related to OpsVenezuela?",
+      "meta": {
+        "refs": [
+          "https://twitter.com/malwrhunterteam/status/1002953824590614528",
+          "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-8th-2018-crybrazil-cryptconsole-and-magniber/"
+        ],
+        "extensions": [
+          ".crybrazil"
+        ],
+        "ransomnotes": [
+          "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/june/8/crybrazil.jpg"
+        ]
+      },
+      "uuid": "30625df6-6e3e-11e8-b0cf-a7103cb03e05"
+    },
+    {
+      "value": "Pedcont",
+      "description": "new destrucrtive ransomware called Pedcont that claims to encrypt files because the victim has accessed illegal content on the deep web. The screen then goes blank and becomes unresponsive.",
+      "meta": {
+        "refs": [
+          "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-8th-2018-crybrazil-cryptconsole-and-magniber/ "
+        ],
+        "ransomnotes": [
+          "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/june/8/De00yEDVQAE_p9z[1].jpg"
+        ]
+      },
+      "uuid": "b0e074fc-6e45-11e8-8366-dbfc88552a23 "
    }
  ],
  "source": "Various",
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -4282,6 +4282,16 @@
          "https://www.bleepingcomputer.com/news/security/lol-babayaga-wordpress-malware-updates-your-site/"
        ]
      }
+    },
+    {
+      "uuid": "10f50ef8-6e3b-11e8-a648-d73fb4d2f48e",
+      "value": "InvisiMole",
+      "description": "Except for the malware's binary file, very little is known of who's behind it, how it spreads, or in what types of campaigns has this been used.\n\n\"Our telemetry indicates that the malicious actors behind this malware have been active at least since 2013, yet the cyber-espionage tool was never analyzed nor detected until discovered by ESET products on compromised computers in Ukraine and Russia,\" said ESET researcher Zuzana Hromcová, who recently penned an in-depth report about this new threat.\n\n\"All infection vectors are possible, including installation facilitated by physical access to the machine,\" Hromcová added.\n\nTypical to malware used in highly-targeted attacks, the malware has been stripped of most clues that could lead researchers back to its author. With the exception of one file (dating to October 13, 2013), all compilation dates have been stripped and replaced with zeros, giving little clues regarding its timeline and lifespan.\n\nFurthermore, the malware is some clever piece of coding in itself, as it's comprised of two modules, both with their own set of spying features, but which can also help each other in exfiltrating data.",
+      "meta": {
+        "refs": [
+          "https://www.bleepingcomputer.com/news/security/invisimole-is-a-complex-spyware-that-can-take-pictures-and-record-audio/"
+        ]
+      }
    }
  ],
  "authors": [