From c4eca7dfe157b9ac19b29c91888ebf26f1471bfb Mon Sep 17 00:00:00 2001
From: Delta-Sierra
Date: Mon, 13 Mar 2023 09:59:00 +0100
Subject: [PATCH] more from ransomlook
---
 clusters/ransomware.json | 53 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 52 insertions(+), 1 deletion(-)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index fd8a2b7..f1529d7 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -14380,7 +14380,7 @@
 ]
 },
 "uuid": "c52a65d5-9bea-4a09-a81b-7f789ab48ce0",
- "value": "Babuk Ranomsware"
+ "value": "Babuk Ransomsware"
 },
 {
 "description": "Darkside, the latest ransomware operation to emerge has been attacking organizations beginning earlier this month. Darkside’s customized attacks on companies have already garnered them million-dollar payouts.\nThrough their “press release”, these threat actors have claimed to be affiliated with prior ransomware operations making millions of dollars. They stated that they created this new product to match their needs, as prior products didn’t.\n Darkside explains that they only target companies they know that can pay the specified ransom. They have allegedly promised that they will not attack the following sectors. They include medicine, education, non-profit organizations, and the government sector.",
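Review bot: The corrected name on the `+` line is still misspelled: `"Babuk Ransomsware"` carries a stray `s`, so the line should read `"value": "Babuk Ransomware"`. A cluster's `value` is the string that galaxy tags and downstream detection content match on, so every rename changes what already-tagged events resolve to; getting the spelling right in one step avoids a second rename. If this object's `meta` (which closes just above the hunk, outside the visible lines) has a `synonyms` list, keeping the old spelling there would let existing lookups still find the cluster.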
@@ -25165,6 +25165,57 @@
 ],
 "uuid": "ba42ab03-9d29-40c3-b3d4-c2045e47dc07",
 "value": "Avos"
+ },
+ {
+ "meta": {
+ "links": [
+ "http://anewset3pcya3xvk73hj7yunuamutxxsm5sohkdi32blhmql55tvgqad.onion"
+ ]
+ },
+ "uuid": "9850bffb-8cc6-45c7-9e6a-4c77fd5093c3",
+ "value": "Aztroteam"
+ },
+ {
+ "meta": {
+ "links": [
+ "http://nq4zyac4ukl4tykmidbzgdlvaboqeqsemkp4t35bzvjeve6zm2lqcjid.onion/#section-3"
+ ]
+ },
+ "related": [
+ {
+ "dest-uuid": "c52a65d5-9bea-4a09-a81b-7f789ab48ce0",
+ "tags": [
+ "estimative-language:likelihood-probability=\"very-likely\""
+ ],
+ "type": "similar"
+ }
+ ],
+ "uuid": "05be1a86-92a9-48e1-8be1-9c1014dfd1cd",
+ "value": " Babuk-Locker"
+ },
+ {
+ "meta": {
+ "extension": [
+ ".babyduck"
+ ],
+ "links": [
+ "http://babydovegkmhbontykziyq7qivwzy33mu4ukqefe4mqpiiwd3wibnjqd.onion"
+ ],
+ "ransomnotes": [
+ "Ducky has got your flies encrypted!\n\nThis happened because you were not paying attention to your security.\n\nDucky will give you your files back if you pay him a bit of crypto.\n\nUse TOR browser (https://www.torproject.org/download/) apnd follow this link \n\n\nDon't worry, if you behave and pay - you'll get your files back;)\n\nYOUR KEY IS "
+ ],
+ "ransomnotes-files": [
+ "#README.babyduck"
+ ],
+ "ransomnotes-refs": [
+ "https://digitalrecovery.com/wp-content/uploads/2022/12/Ransomware-Baby-Duck.webp"
+ ],
+ "refs": [
+ "https://twitter.com/PolarToffee/status/1445873002801889280/photo/3"
+ ]
+ },
+ "uuid": "18e67723-a0de-4adf-aa28-f3e0b0d6d8ab",
+ "value": "Babyduck"
 }
 ],
 "version": 115
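Review bot: The new cluster name `" Babuk-Locker"` begins with a space inside the string, so tag strings and exact-match lookups built from `value` will carry that space; it should be `"value": "Babuk-Locker"`. The trailing context line `"version": 115` is unchanged although three clusters are added, so any consumer that only re-imports a galaxy when its version increases would presumably not pick these entries up; `"version": 116` would address that. The Aztroteam and Babuk-Locker objects carry only an onion link, with no `description` or `refs`, which leaves an analyst no provenance for the attribution. The ransom note text contains `flies` and `apnd`; if notes are used for matching, it is worth confirming against the image in `ransomnotes-refs` that these are verbatim and not transcription slips.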