From d6e4c166c5103f3d5e768fbd4627beadf7c78e1b Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Fri, 4 May 2018 15:59:37 +0200
Subject: [PATCH] add an unnamed ransomware

---
 clusters/ransomware.json | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 1119ebf4..7aa7e0d3 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -9655,6 +9655,23 @@
         ]
       },
       "uuid": "94290f1c-46ff-11e8-b9c6-ef8852c58952"
+    },
+    {
+      "value": "Unnamed ramsomware 1",
+      "description": "A new in-development ransomware was discovered that has an interesting characteristic. Instead of the distributed executable performing the ransomware functionality, the executables compiles an embedded encrypted C# program at runtime and launches it directly into memory.",
+      "meta": {
+        "refs": [
+          "https://www.bleepingcomputer.com/news/security/new-c-ransomware-compiles-itself-at-runtime/"
+        ],
+        "extensions": [
+          "sequre@tuta.io_[hex]"
+        ],
+        "ransomnotes": [
+          "HOW DECRIPT FILES.hta",
+          "https://www.bleepstatic.com/images/news/ransomware/c/compiled-ransomware/ransom-note.jpg"
+        ]
+      },
+      "uuid": "c1788ac0-4fa0-11e8-b0fd-63f5a2914926"
     }
   ],
   "source": "Various",