Merge pull request #516 from rmkml/master

add MedusaLocker ransomware
2020-02-23 16:06:45 +01:00 · 2020-02-23 16:06:45 +01:00 · ee63756cc5
parent c98093e6fe 590e292b68
commit ee63756cc5
1 changed files with 13 additions and 1 deletions
--- a/clusters/malpedia.json
+++ b/clusters/malpedia.json
@ -18797,7 +18797,19 @@
      },
      "uuid": "721e9af0-8a60-4b9e-9137-c23e86d75722",
      "value": "Zyklon"
+    },
+    {
+      "description": "A Windows ransomware that will run certain tasks to prepare the target system for the encryption of files. MedusaLocker avoids executable files, probably to avoid rendering the targeted system unusable for paying the ransom. It uses a combination of AES and RSA-2048, and reportedly appends extensions such as .encrypted, .bomber, .boroff, .breakingbad, .locker16, .newlock, .nlocker, and .skynet.",
+      "meta": {
+        "refs": [
+          "https://malpedia.caad.fkie.fraunhofer.de/details/win.medusalocker"
+        ],
+        "synonyms": [],
+        "type": []
+      },
+      "uuid": "237a1c2e-fb14-583d-ab2c-71f10a52ec06",
+      "value": "MedusaLocker"
    }
  ],
-  "version": 2560
+  "version": 2561
 }