From c81f128d987102516d3b985a65399f1417c64334 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Tue, 27 Nov 2018 15:59:26 +0100
Subject: [PATCH] add ransomwares
---
 clusters/ransomware.json | 55 +++++++++++++++++++++++++++++++++++++---
 1 file changed, 52 insertions(+), 3 deletions(-)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 736a5d4..7166074 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -3291,7 +3291,8 @@
 ".adobe",
 ".tron",
 ".AUDIT",
- ".cccmn"
+ ".cccmn",
+ ".fire"
 ],
 "ransomnotes": [
 "README.txt",
@@ -3319,7 +3320,9 @@
 "https://twitter.com/JakubKroustek/status/1038680437508501504",
 "https://twitter.com/demonslay335/status/1059521042383814657",
 "https://twitter.com/demonslay335/status/1059940414147489792",
- "https://twitter.com/JakubKroustek/status/1060825783197933568"
+ "https://twitter.com/JakubKroustek/status/1060825783197933568",
+ "https://twitter.com/JakubKroustek/status/1064061275863425025",
+ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/"
 ]
 },
 "uuid": "2b365b2c-4a9a-4b66-804d-3b2d2814fe7b",
@@ -11335,7 +11338,6 @@
 "value": "M@r1a ransomware"
 },
 {
- "description": "",
 "meta": {
 "extensions": [
 "(enc) prepend"
@@ -11368,6 +11370,53 @@
 },
 "uuid": "f7fa6978-c932-4e62-b4fc-3fbbbc195602",
 "value": "PyCL Ransomware"
+ },
+ {
+ "description": "MalwareHunterTeam discovered the Vapor Ransomware that appends the .Vapor extension to encrypted files. Will delete files if you do not pay in time.",
+ "meta": {
+ "extensions": [
+ ".Vapor"
+ ],
+ "ransomnotes": [
+ "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/november/23/vapor.jpg"
+ ],
+ "refs": [
+ "https://twitter.com/malwrhunterteam/status/1063769884608348160",
+ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/"
+ ]
+ },
+ "uuid": "f53205a0-7a8f-41d1-a427-bf3ab9bd77bb",
+ "value": "Vapor Ransomware"
+ },
+ {
+ "description": "GrujaRS discovered a new ransomware called EnyBenyHorsuke Ransomware that appends the .Horsuke extension to encrypted files.",
+ "meta": {
+ "extensions": [
+ ".Horsuke "
+ ],
+ "ransomnotes": [
+ "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/november/23/DsPVGaHXcAAtnXz[1].jpg"
+ ],
+ "refs": [
+ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/",
+ "https://twitter.com/GrujaRS/status/1063930127610986496"
+ ]
+ },
+ "uuid": "677aeb47-587d-40a4-80b7-22672ba1160c",
+ "value": "EnyBenyHorsuke Ransomware"
+ },
+ {
+ "meta": {
+ "ransomnotes": [
+ "https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/november/23/DsiUA0LXgAAoqkd[1].jpg"
+ ],
+ "refs": [
+ "https://twitter.com/petrovic082/status/1065223932637315074",
+ "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-23rd-2018-stop-dharma-and-more/"
+ ]
+ },
+ "uuid": "7f82fb04-1bd2-40a1-9baa-895b53c6f7d4",
+ "value": "DeLpHiMoRix"
 }
 ],
 "version": 44
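Review bot: The extension added for EnyBenyHorsuke Ransomware is `".Horsuke "` with a trailing space inside the string, so any consumer that compares this list against file suffixes exactly will not match the `.Horsuke` extension the description names; the value should be `".Horsuke"`. All three new entries also put screenshot image URLs into `ransomnotes`, while the context of the first hunk shows that field holding a note file name (`README.txt`). If downstream tooling matches `ransomnotes` against file names or note text, these URLs will produce no hits and may be better placed in `refs`; this is worth confirming against the galaxy's conventions. The DeLpHiMoRix entry carries neither `description` nor `extensions`, which looks deliberate given the empty description removed earlier in this patch, but it leaves analysts with only the name and two links to correlate on.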