Merge pull request #383 from rmkml/master

Add BigBobRoss Ransomware
2019-04-17 08:26:42 +02:00 · 2019-04-17 08:26:42 +02:00 · d72ea0d83a
parent 9f20c7aac1 d16cc2e184
commit d72ea0d83a
2 changed files with 51 additions and 2 deletions
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@ -749,7 +749,17 @@
      },
      "uuid": "00815961-3249-4e2e-9421-bb57feb73bb2",
      "value": "Unknown"
+    },
+    {
+      "description": "The Spelevo exploit kit seems to have similarities to SPL EK, which is a different exploit kit.",
+      "meta": {
+        "refs": [
+          "https://cyberwarzone.com/what-is-the-spelevo-exploit-kit/"
+        ]
+      },
+      "uuid": "00715961-2249-3e2e-8420-bb47feb73bb2",
+      "value": "SpelevoEK"
    }
  ],
-  "version": 13
+  "version": 14
 }
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@ -13098,7 +13098,46 @@
      },
      "uuid": "7cfa694a-1e5b-300a-627f-027d881870b1",
      "value": "Tellyouthepass"
+    },
+    {
+      "description": "BigBobRoss ransomware is the cryptovirus that requires a ransom in Bitcoin to return encrypted files marked with .obfuscated appendix.",
+      "meta": {
+        "payment-method": "Bitcoin",
+        "refs": [
+          "https://www.2-spyware.com/remove-bigbobross-ransomware.html"
+        ]
+      },
+      "uuid": "8cfa684a-1e4b-309a-617f-026d881870b1",
+      "value": "BigBobRoss"
+    },
+    {
+      "description": "First discovered by malware security analyst, Lawrence Abrams, PLANETARY is an updated variant of another high-risk ransomware called HC7.",
+      "meta": {
+        "payment-method": "Bitcoin",
+        "refs": [
+          "https://www.pcrisk.com/removal-guides/12121-planetary-ransomware"
+        ]
+      },
+      "uuid": "6cfa664a-1e2b-329a-607f-026d781870b1",
+      "value": "Planetary"
+    },
+    {
+      "description": "Cr1ptT0r Ransomware Targets NAS Devices with Old Firmware.",
+      "meta": {
+        "payment-method": "Bitcoin",
+        "refs": [
+          "https://www.coveware.com/blog/2019/3/13/cr1ptt0r-ransomware-targets-nas-devices-with-old-firmware",
+          "https://malpedia.caad.fkie.fraunhofer.de/details/elf.cr1ptt0r"
+        ],
+        "synonyms": [
+          "Criptt0r",
+          "Cr1pt0r",
+          "Cripttor"
+        ]
+      },
+      "uuid": "8cfa554a-1e1b-328a-606f-026d771870b1",
+      "value": "Cr1ptT0r"
    }
  ],
-  "version": 57
+  "version": 60
 }