mirror of https://github.com/MISP/misp-galaxy
managing duplicate
parent
8b10e3aaee
commit
fb5eb32a0e
|
@ -259,7 +259,7 @@
|
|||
"encryption": "AES",
|
||||
"ransomnotes": [
|
||||
"https://2.bp.blogspot.com/-ccU4txzjpWg/WMl33c7YD3I/AAAAAAAAESU/moLHgQnVMYstKuHKuNgWKz8VbNv5ECdzACLcB/s1600/lock-note.jpg",
|
||||
"FILES NUMBERED Your local drives, network folders, your external drives are encrypted using 256-bit encryption technology, this means your files are encrypted with a key. They cannot be opened without buying a decryption program and a private key, after the purchase, our program decrypts all your files and they will work like before. If you do not buy the program within 24 hours, then all your files will be permanently deleted. See the \"My Documents\" folder for more information in the file \"Beni Oku.txt\". Contact address: d3crypt0r@lelantos.org BTC address: 13hp68keuvogyjhvlf7xqmeox8dpr8odx5 You have to pay at BTC to the above address $ 150 Bitcoin You can do this by purchasing Bitcoinat www.localbitcoins.co Information: Using a computer recovery does not help. Antivirus scanning does not help to recover files, but can lead to loss.".
|
||||
"FILES NUMBERED Your local drives, network folders, your external drives are encrypted using 256-bit encryption technology, this means your files are encrypted with a key. They cannot be opened without buying a decryption program and a private key, after the purchase, our program decrypts all your files and they will work like before. If you do not buy the program within 24 hours, then all your files will be permanently deleted. See the \"My Documents\" folder for more information in the file \"Beni Oku.txt\". Contact address: d3crypt0r@lelantos.org BTC address: 13hp68keuvogyjhvlf7xqmeox8dpr8odx5 You have to pay at BTC to the above address $ 150 Bitcoin You can do this by purchasing Bitcoinat www.localbitcoins.co Information: Using a computer recovery does not help. Antivirus scanning does not help to recover files, but can lead to loss.",
|
||||
"Beni Oku.txt"
|
||||
],
|
||||
"refs": [
|
||||
|
@ -547,8 +547,7 @@
|
|||
],
|
||||
"refs": [
|
||||
"https://id-ransomware.blogspot.co.il/2017/02/pyl33t-ransomware.html",
|
||||
"https://twitter.com/Jan0fficial/status/834706668466405377
|
||||
"
|
||||
"https://twitter.com/Jan0fficial/status/834706668466405377"
|
||||
]
|
||||
}
|
||||
},
|
||||
|
@ -639,7 +638,7 @@
|
|||
"How decrypt files.hta"
|
||||
],
|
||||
"refs": [
|
||||
"https://id-ransomware.blogspot.co.il/2017/02/cryptconsole-2-ransomware.html",
|
||||
"https://id-ransomware.blogspot.co.il/2017/02/cryptconsole-2-ransomware.html"
|
||||
]
|
||||
}
|
||||
},
|
||||
|
@ -825,8 +824,7 @@
|
|||
"https://id-ransomware.blogspot.co.il/2017/02/hermes-ransomware.html",
|
||||
"https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-17th-2017-live-hermes-reversing-and-scada-poc-ransomware/",
|
||||
"https://www.bleepingcomputer.com/forums/t/642019/hermes-ransomware-help-support-decrypt-informationhtml/",
|
||||
"https://www.bleepingcomputer.com/news/security/hermes-ransomware-decrypted-in-live-video-by-emsisofts-fabian-wosar/
|
||||
"
|
||||
"https://www.bleepingcomputer.com/news/security/hermes-ransomware-decrypted-in-live-video-by-emsisofts-fabian-wosar/"
|
||||
]
|
||||
}
|
||||
},
|
||||
|
@ -1283,8 +1281,7 @@
|
|||
"https://1.bp.blogspot.com/-B3o6bGziu_M/WHkyueI902I/AAAAAAAADGw/la7psCE9JEEe17GipFh69xVnIDYGFF38wCLcB/s1600/note-1-2.gif"
|
||||
],
|
||||
"refs": [
|
||||
"Sources:
|
||||
https://id-ransomware.blogspot.co.il/2017/01/lambdalocker.html",
|
||||
"https://id-ransomware.blogspot.co.il/2017/01/lambdalocker.html",
|
||||
"http://cfoc.org/how-to-restore-files-affected-by-the-lambdalocker-ransomware/"
|
||||
]
|
||||
}
|
||||
|
@ -1447,8 +1444,7 @@
|
|||
],
|
||||
"refs": [
|
||||
"https://id-ransomware.blogspot.co.il/2017/02/dyna-crypt-ransomware.html",
|
||||
"https://www.bleepingcomputer.com/news/security/dyna-crypt-not-only-encrypts-your-files-but-also-steals-your-info/
|
||||
"
|
||||
"https://www.bleepingcomputer.com/news/security/dyna-crypt-not-only-encrypts-your-files-but-also-steals-your-info/"
|
||||
]
|
||||
}
|
||||
},
|
||||
|
@ -1555,8 +1551,7 @@
|
|||
},
|
||||
{
|
||||
"value": "Evil Ransomware or File0Locked KZ Ransomware",
|
||||
"description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. Domain KZ is used, therefore it is assumed that the decrypter is from Kazakhstan. Coded in Javascript
|
||||
",
|
||||
"description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. Domain KZ is used, therefore it is assumed that the decrypter is from Kazakhstan. Coded in Javascript",
|
||||
"meta": {
|
||||
"date": "January 2017",
|
||||
"extensions": [
|
||||
|
@ -1757,8 +1752,7 @@
|
|||
],
|
||||
"refs": [
|
||||
"https://id-ransomware.blogspot.co.il/2017/01/edgelocker-ransomware.html",
|
||||
"https://twitter.com/BleepinComputer/status/815392891338194945
|
||||
"
|
||||
"https://twitter.com/BleepinComputer/status/815392891338194945"
|
||||
]
|
||||
}
|
||||
},
|
||||
|
@ -1882,8 +1876,7 @@
|
|||
"https://4.bp.blogspot.com/-Cw4e1drBKl4/WJCHmgp1vtI/AAAAAAAADfI/QqFxUsuad"
|
||||
],
|
||||
"refs": [
|
||||
" Sources and more info:
|
||||
https://id-ransomware.blogspot.co.il/2017/01/netflix-ransomware.html",
|
||||
"https://id-ransomware.blogspot.co.il/2017/01/netflix-ransomware.html",
|
||||
"http://blog.trendmicro.com/trendlabs-security-intelligence/netflix-scam-delivers-ransomware/",
|
||||
"https://www.bleepingcomputer.com/news/security/rogue-netflix-app-spreads-netix-ransomware-that-targets-windows-7-and-10-users/",
|
||||
"http://www.darkreading.com/attacks-breaches/netflix-scam-spreads-ransomware/d/d-id/1328012",
|
||||
|
@ -1967,8 +1960,8 @@
|
|||
"https://id-ransomware.blogspot.co.il/2016/12/killdisk-ransomware.html",
|
||||
"https://www.bleepingcomputer.com/news/security/killdisk-ransomware-now-targets-linux-prevents-boot-up-has-faulty-encryption/",
|
||||
"https://www.bleepingcomputer.com/news/security/killdisk-disk-wiping-malware-adds-ransomware-component/",
|
||||
"http://www.zdnet.com/article/247000-killdisk-ransomware-demands-a-fortune-forgets-to-unlock-files/
|
||||
http://www.securityweek.com/destructive-killdisk-malware-turns-ransomware",
|
||||
"http://www.zdnet.com/article/247000-killdisk-ransomware-demands-a-fortune-forgets-to-unlock-files/",
|
||||
"http://www.securityweek.com/destructive-killdisk-malware-turns-ransomware",
|
||||
"http://www.welivesecurity.com/2017/01/05/killdisk-now-targeting-linux-demands-250k-ransom-cant-decrypt/",
|
||||
"https://cyberx-labs.com/en/blog/new-killdisk-malware-brings-ransomware-into-industrial-domain/"
|
||||
]
|
||||
|
@ -2045,8 +2038,7 @@
|
|||
],
|
||||
"refs": [
|
||||
"https://id-ransomware.blogspot.co.il/2016/12/alphabet-ransomware.html",
|
||||
"https://twitter.com/PolarToffee/status/812331918633172992
|
||||
"
|
||||
"https://twitter.com/PolarToffee/status/812331918633172992"
|
||||
]
|
||||
}
|
||||
},
|
||||
|
@ -2972,8 +2964,7 @@
|
|||
},
|
||||
{
|
||||
"value": "Dharma Ransomware",
|
||||
"description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. CrySiS > Dharma Note: ATTENTION! At the moment, your system is not protected. We can fix it and restore files. To restore the system write to this address: bitcoin143@india.com. CrySiS variant
|
||||
",
|
||||
"description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. CrySiS > Dharma Note: ATTENTION! At the moment, your system is not protected. We can fix it and restore files. To restore the system write to this address: bitcoin143@india.com. CrySiS variant",
|
||||
"meta": {
|
||||
"date": "November 2016",
|
||||
"extensions": [
|
||||
|
@ -3116,7 +3107,7 @@
|
|||
"Your files are locked !!.txt",
|
||||
"Your files are locked !!!.txt",
|
||||
"Your files are locked !!!!.txt",
|
||||
"%AppData%\\WinCL\\winclwp.jpg",
|
||||
"%AppData%\\WinCL\\winclwp.jpg"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.bleepingcomputer.com/news/security/old-cryptolocker-copycat-named-pclock-resurfaces-with-new-attacks/",
|
||||
|
@ -3206,8 +3197,7 @@
|
|||
},
|
||||
{
|
||||
"value": "FuckSociety Ransomware",
|
||||
"description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.. Hidden Tear >> APT Ransomware + HYPERLINK \"https://id-ransomware.blogspot.ru/2016/05/remindme-ransomware-2.html" \t "_blank\"
|
||||
RemindMe > FuckSociety",
|
||||
"description": "This is most likely to affect English speaking users, since the note is written in English. English is understood worldwide, thus anyone can be harmed. The hacker spread the virus using email spam, fake updates, and harmful attachments. All your files are compromised including music, MS Office, Open Office, pictures, videos, shared online files etc.. Hidden Tear >> APT Ransomware + HYPERLINK \"https://id-ransomware.blogspot.ru/2016/05/remindme-ransomware-2.html\" \t \"_blank\" RemindMe > FuckSociety",
|
||||
"meta": {
|
||||
"date": "November 2016",
|
||||
"extensions": [
|
||||
|
@ -3677,8 +3667,7 @@
|
|||
],
|
||||
"refs": [
|
||||
"https://id-ransomware.blogspot.co.il/2016/10/angryduck-ransomware.html",
|
||||
"https://twitter.com/demonslay335/status/790334746488365057
|
||||
"
|
||||
"https://twitter.com/demonslay335/status/790334746488365057"
|
||||
]
|
||||
}
|
||||
},
|
||||
|
@ -3768,8 +3757,7 @@
|
|||
"https://id-ransomware.blogspot.co.il/2016/10/japanlocker-ransomware.html",
|
||||
"https://www.cyber.nj.gov/threat-profiles/ransomware-variants/japanlocker",
|
||||
"https://github.com/fortiguard-lion/schRansomwareDecryptor/blob/master/schRansomwarev1_decryptor.php",
|
||||
"https://blog.fortinet.com/2016/10/19/japanlocker-an-excavation-to-its-indonesian-roots
|
||||
"
|
||||
"https://blog.fortinet.com/2016/10/19/japanlocker-an-excavation-to-its-indonesian-roots"
|
||||
]
|
||||
}
|
||||
},
|
||||
|
@ -3870,7 +3858,7 @@
|
|||
"meta": {
|
||||
"date": "October 2016",
|
||||
"extensions": [
|
||||
".NCRYPT",
|
||||
".NCRYPT",
|
||||
".ncrypt"
|
||||
],
|
||||
"encryption": "AES",
|
||||
|
|
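Review bot: In the hunk at -3206 the repaired `description` of "FuckSociety Ransomware" now parses, but it still carries word-processor field residue (`HYPERLINK \"…remindme-ransomware-2.html\" \t \"_blank\"`). In a JSON string `\t` decodes to a literal TAB, so consumers that display or match this text get a control character and a URL buried in free text. I would end the text with `Hidden Tear >> APT Ransomware + RemindMe > FuckSociety` and move `https://id-ransomware.blogspot.ru/2016/05/remindme-ransomware-2.html` into the entry's `refs` array, which lies outside this hunk. Most other hunks on this page repair the same class of error (a raw line break inside a string, a stray `.` or a trailing comma), which a strict parse such as `python -m json.tool` run before merge would reject.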