From c2b49e5ecd51f9b4cbd36a534dbfe3d1451a7b8e Mon Sep 17 00:00:00 2001 From: Deborah Servili Date: Mon, 4 Dec 2017 12:21:21 +0100 Subject: [PATCH] update cryptomix --- clusters/ransomware.json | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/clusters/ransomware.json b/clusters/ransomware.json index 6028704..38f1e78 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -5021,7 +5021,8 @@ "*filename*.email[*email*]_id[*id*].rdmk", ".EMPTY", ".0000", - ".XZZX" + ".XZZX", + ".TEST" ], "ransomnotes": [ "HELP_YOUR_FILES.html (CryptXXX)", @@ -5032,7 +5033,8 @@ "C:\\ProgramData\\[random].exe", "Hello!\n\nAttention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\nempty01@techmail.info\n\nempty02@yahooweb.co\n\nempty003@protonmail.com\n\nWe will help You as soon as possible!\n\nDECRYPT-ID-[id] number", "Hello!\n\nAttention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\ny0000@tuta.io\n\ny0000@protonmail.com\n\ny0000z@yandex.com\n\ny0000s@yandex.com\n\nPlease send email to all email addresses! We will help You as soon as possible!\n\nDECRYPT-ID-[id]", - "Hello!\n\nAttention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\nxzzx@tuta.io\n\nxzzx1@protonmail.com\n\nxzzx10@yandex.com\n\nxzzx101@yandex.com\n\nPlease send email to all email addresses! We will help You as soon as possible!\n\nDECRYPT-ID-[id] number" + "Hello!\n\nAttention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\nxzzx@tuta.io\n\nxzzx1@protonmail.com\n\nxzzx10@yandex.com\n\nxzzx101@yandex.com\n\nPlease send email to all email addresses! We will help You as soon as possible!\n\nDECRYPT-ID-[id] number", + "Hello!\n\nAttention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\ntest757@tuta.io\n\ntest757@protonmail.com\n\ntest757xz@yandex.com\n\ntest757xy@yandex.com\n\ntest757@consultant.com\n\nPlease send email to all email addresses! We will help You as soon as possible!\n\nIMPORTANT: DO NOT USE ANY PUBLIC SOFTWARE! IT MAY DAMAGE YOUR DATA FOREVER!\n\nDECRYPT-ID-[id] number" ], "refs": [ "http://www.nyxbone.com/malware/CryptoMix.html", @@ -5040,7 +5042,8 @@ "https://twitter.com/JakubKroustek/status/804009831518572544", "https://www.bleepingcomputer.com/news/security/new-empty-cryptomix-ransomware-variant-released/", "https://www.bleepingcomputer.com/news/security/0000-cryptomix-ransomware-variant-released/", - "https://www.bleepingcomputer.com/news/security/xzzx-cryptomix-ransomware-variant-released/" + "https://www.bleepingcomputer.com/news/security/xzzx-cryptomix-ransomware-variant-released/", + "https://www.bleepingcomputer.com/news/security/test-cryptomix-ransomware-variant-released/" ] } },