From d8ac54d7d670f87e92b40f35e3ff56b40ffc5ba4 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Wed, 19 Jun 2024 10:45:09 +0200
Subject: [PATCH] chg: [ransomware] aligned with ransomlook.io
---
 clusters/ransomware.json | 142 ++++++++++++++++++++++++++++++++++++---
 1 file changed, 134 insertions(+), 8 deletions(-)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index c9ced366..d728975d 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -27908,7 +27908,8 @@
 "http://ozsxj4hwxub7gio347ac7tyqqozvfioty37skqilzo2oqfs4cw2mgtyd.onion/",
 "http://24kckepr3tdbcomkimbov5nqv2alos6vmrmlxdr76lfmkgegukubctyd.onion",
 "http://wlh3dpptx2gt7nsxcor37a3kiyaiy6qwhdv7o6nl6iuniu5ycze5ydid.onion/blog",
- "http://kbsqoivihgdmwczmxkbovk7ss2dcynitwhhfu5yw725dboqo5kthfaad.onion/"
+ "http://kbsqoivihgdmwczmxkbovk7ss2dcynitwhhfu5yw725dboqo5kthfaad.onion/",
+ "https://wikileaksv2.com"
 ],
 "refs": [
 "https://www.ransomlook.io/group/qilin"
@@ -28233,7 +28234,8 @@
 "links": [
 "https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/",
 "https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/n",
- "https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion/"
+ "https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion/",
+ "http://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/l"
 ],
 "refs": [
 "https://www.ransomlook.io/group/akira" 
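Review bot: The clearnet `https://wikileaksv2.com` added to qilin's `links` is also the only link of the new `wikileaksv2` cluster this same commit creates (described as "Group is connected to Qilin."), so one URL now lives under two clusters and any later takedown or re-attribution has to be applied in both places. Keeping the link on the `wikileaksv2` entry only and recording the connection once from that side, for example through the cluster format's `related` list pointing at qilin's uuid (which lies outside this hunk), would preserve the relationship without duplicating the indicator. In the akira hunk on the same line, the new `/l` path is written with `http://` while the two existing entries for the identical host use `https://`; unless the scheme difference was observed deliberately, `"https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/l"` keeps the list consistent.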
@@ -28660,7 +28662,12 @@
 "links": [
 "http://medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd.onion",
 "http://xfv4jzckytb4g3ckwemcny3ihv4i5p4lqzdpi624cxisu35my5fwi5qd.onion",
- "http://dlmfciajg5s4vliyo5dhs5jyzhi2xr2fnkebul46lpf4xudtqiue4nid.onion/"
+ "http://dlmfciajg5s4vliyo5dhs5jyzhi2xr2fnkebul46lpf4xudtqiue4nid.onion/",
+ "http://kyfiw76eol6ph2mq7pi5e5tdvce37bicddhai62qhdc5ja6jdchz4qqd.onion/",
+ "http://62foekhv5humjrfwjdyd2dgextpbf5i7obguhwvfoghmu3nxpkmxlcid.onion/",
+ "http://cx5u7zxbvrfyoj6ughw76oa264ucuuizmmzypwum6ear7pct4yc723qd.onion",
+ "http://hupxs7ps7md24kpz4lwsbra64abgxjx3pcc2wuca5ibawf2g5hlpfyqd.onion",
+ "http://osintcorp.net"
 ],
 "refs": [
 "https://www.ransomlook.io/group/medusa",
@@ -28707,7 +28714,8 @@
 "links": [
 "http://pa32ymaeu62yo5th5mraikgw5fcvznnsiiwti42carjliarodltmqcqd.onion",
 "http://hkpomcx622gnqp2qhenv4ceyrhwvld3zwogr4mnkdeudq2txf55keoad.onion",
- "http://raworldw32b2qxevn3gp63pvibgixr4v75z62etlptg3u3pmajwra4ad.onion"
+ "http://raworldw32b2qxevn3gp63pvibgixr4v75z62etlptg3u3pmajwra4ad.onion",
+ "http://raworlddecssyq43oim3hxhc5oxvlbaxuj73xbz2pbbowso3l4kn27qd.onion/"
 ],
 "refs": [
 "https://www.ransomlook.io/group/ra group"
@@ -28803,7 +28811,8 @@
 {
 "meta": {
 "links": [
- "http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog"
+ "http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog",
+ "http://3pktcrcbmssvrnwe5skburdwe2h3v6ibdnn5kbjqihsg6eu6s6b7ryqd.onion/login"
 ],
 "refs": [
 "https://www.ransomlook.io/group/dragonforce"
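Review bot: The five links added to medusa mix the trailing-slash form (`...z4qqd.onion/`, `...mxlcid.onion/`) with the bare-host form (`...yc723qd.onion`, `...hlpfyqd.onion`, `http://osintcorp.net`) inside one list whose existing entries are all bare hosts, and the ra world hunk on the same line does the same (`...kn27qd.onion/` next to three bare hosts). Consumers that de-duplicate or correlate indicators by exact string match treat `host` and `host/` as two different values, so the mix silently weakens matching against other feeds. Normalising bare onion hosts to one form when they are copied in, matching the entries already present, avoids that without changing what is recorded.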
@@ -28817,7 +28826,10 @@
 "meta": {
 "links": [
 "http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/",
- "http://mjmru3yz65o5szsp4rmkmh4adlezcpy5tqjjc4y5z6lozk3nnz2da2ad.onion/"
+ "http://mjmru3yz65o5szsp4rmkmh4adlezcpy5tqjjc4y5z6lozk3nnz2da2ad.onion/",
+ "http:// http://an2ce4pqpf2ipvba2djurxi5pnxxhu3uo7ackul6eafcundqtly7bhid.onion",
+ "http://fpwwt67hm3mkt6hdavkfyqi42oo3vkaggvjj4kxdr2ivsbzyka5yr2qd.onion",
+ "http://an2ce4pqpf2ipvba2djurxi5pnxxhu3uo7ackul6eafcundqtly7bhid.onion"
 ],
 "refs": [
 "https://www.ransomlook.io/group/ransomhub"
@@ -29147,7 +29159,8 @@
 "description": "",
 "meta": {
 "links": [
- "http://embargobe3n5okxyzqphpmk3moinoap2snz5k6765mvtkk7hhi544jid.onion"
+ "http://embargobe3n5okxyzqphpmk3moinoap2snz5k6765mvtkk7hhi544jid.onion",
+ "http://5ntlvn7lmkezscee2vhatjaigkcu2rzj3bwhqaz32snmqc4jha3gcjad.onion"
 ],
 "refs": [
 "https://www.ransomlook.io/group/embargo"
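Review bot: The new ransomhub entry `"http:// http://an2ce4pqpf2ipvba2djurxi5pnxxhu3uo7ackul6eafcundqtly7bhid.onion"` is malformed — an empty `http:// ` prefix, a space, then a second scheme — and the same host is added correctly two lines below as `"http://an2ce4pqpf2ipvba2djurxi5pnxxhu3uo7ackul6eafcundqtly7bhid.onion"`, so the element is both an invalid URL and a duplicate. Remove the malformed line, i.e. delete `+ "http:// http://an2ce4pqpf2ipvba2djurxi5pnxxhu3uo7ackul6eafcundqtly7bhid.onion",` and keep the correct one. Since this file is aligned from an external feed, a check that every `links` value parses as a URL with exactly one scheme and no whitespace would catch this kind of paste error before it reaches consumers that match indicators by string.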
@@ -29193,7 +29206,120 @@
 },
 "uuid": "ee97d01c-b8b9-5c36-9c27-134f8d2ee603",
 "value": "apos"
+ },
+ {
+ "meta": {
+ "links": [
+ "http://dataleakypypu7uwblm5kttv726l3iripago6p336xjnbstkjwrlnlid.onion/"
+ ],
+ "refs": [
+ "https://www.ransomlook.io/group/el dorado"
+ ]
+ },
+ "uuid": "15419dc6-8183-5805-aaba-9e7943bc164f",
+ "value": "el dorado"
+ },
+ {
+ "meta": {
+ "links": [
+ "http://ugn5khvt4kitlivv4ddfh3lb6mdhn2ud3ximcaypy73hxlk3arj2goad.onion/"
+ ],
+ "refs": [
+ "https://www.ransomlook.io/group/locus"
+ ]
+ },
+ "uuid": "37043fbf-a216-52ee-b8a7-3a604a87e9e2",
+ "value": "locus"
+ },
+ {
+ "description": "Risen, which is a fully optimized and high-speed program, is the result of our years of experience in the field of malware writing. Risen is written in C language and completely using winapi. We produced many products with different features and options, but we came to the conclusion that none of the options have the benefit and efficiency they should; So, instead of spending time on useless and inefficient options, we decided to spend all our time on the strength, speed and security of our cryptography, and that's how we created Risen. Software features in version 1: \r
\r
\r
-Encryption security, utilizing Chacha20 and RSA 2048 algorithms.\r
-High encryption speed and software optimization\r
-compatible with all versions of Windows on any hardware without any issues.\r
-Automatic option settings, its easy to using and default configuration set to the best mode.\r
-Utilization of Threadpool method and queue creation for encryption.\r
-A powerful file unlocker, unlock files without closing processes.\r
-Safe deletion of backups, shadow copies, and all windows logs.\r
-A blog, Leak website, and management panel on TOR for leaking data of non-paying companies.\r
", + "meta": { + "links": [ + "http://s2wk77h653qn54csf4gp52orhem4y72dgxsquxulf255pcymazeepbyd.onion/", + "http://o6pi3u67zyag73ligtsupin5rjkxpfrbofwoxnhimpgpfttxqu7lsuyd.onion" + ], + "refs": [ + "https://www.ransomlook.io/group/risen" + ] + }, + "uuid": "8e3f7112-2f82-5c64-95ff-34bfad65cc0d", + "value": "risen" + }, + { + "meta": { + "links": [ + "https://xql562evsy7njcsngacphc2erzjfecwotdkobn3m4uxu2gtqh26newid.onion/" + ], + "refs": [ + "https://www.ransomlook.io/group/fog" + ] + }, + "uuid": "76f14732-0e0a-5fdd-847e-65bc41c150ea", + "value": "fog" + }, + { + "description": "Group is connected to Qilin.", + "meta": { + "links": [ + "https://wikileaksv2.com" + ], + "refs": [ + "https://www.ransomlook.io/group/wikileaksv2" + ] + }, + "uuid": "004c96b4-ce25-5593-9d50-8ada0b2b873f", + "value": "wikileaksv2" + }, + { + "meta": { + "links": [ + "http://gmixcebhni6c3kcf5m7xxybomaphj7pizoqtxiqmrz5wsh6g6x5s2wqd.onion/" + ], + "refs": [ + "https://www.ransomlook.io/group/sensayq" + ] + }, + "uuid": "678e1d98-cc54-5e7f-89be-6dd6163877a0", + "value": "sensayq" + }, + { + "description": "", + "meta": { + "links": [ + "http://txtggyng5euqkyzl2knbejwpm4rlq575jn2egqldu27osbqytrj6ruyd.onion/", + "http://txtggyng5euqkyzl2knbejwpm4rlq575jn2egqldu27osbqytrj6ruyd.onion/articles" + ], + "refs": [ + "https://www.ransomlook.io/group/trinity" + ] + }, + "uuid": "cae0824e-2c3d-5db8-9e45-0f7251e5def1", + "value": "trinity" + }, + { + "meta": { + "links": [ + "http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion/" + ], + "refs": [ + "https://www.ransomlook.io/group/brain cipher" + ] + }, + "uuid": "a48c22f1-3f1f-583c-b94c-6feb2c0c1cf1", + "value": "brain cipher" + }, + { + "meta": { + "links": [ + "http://ugoakjk3v6hop3epjhdgn4num43ndb5glgixhraeg2xm455gxqtu2qid.onion" + ], + "refs": [ + "https://www.ransomlook.io/group/synapse" + ] + }, + "uuid": "5403ebcb-2468-5280-8b70-b43ed33b0b46", + "value": "synapse" } ], - "version": 123 + "version": 125 }