MISP
/
misp-taxonomies
mirror of https://github.com/MISP/misp-taxonomies
2
0
Fork 0
Code Issues Releases Wiki Activity

Update Ransomware galaxy 

Date: 2019-04-11
Author: SwitHak
Purpose: Add 3 meta tag to be able to give specification of extensions usage:  
- ransomware-appended-extension
   -> This is the extension added by the ransomware to the files.
- ransomware-encrypted-extensions",
   -> This is the list of extensions that will be encrypted by the ransomware. Beware to keep the order.
- ransomware-excluded-extensions",
    -> This is the list of extensions that will not be encrypted by the ransomware. Beware to keep the order.

If I missed something, tell me through the PR or via Twitter: @SwitHak
pull/142/head
SwitHak 2019-04-11 23:11:49 +02:00 committed by GitHub
parent 186bf75aaa
commit ac6b8127fb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
ransomware/machinetag.json
View File

@ -2,7 +2,7 @@
"namespace": "ransomware",
"expanded": "ransomware types and elements",
"description": "Ransomware is used to define ransomware types and the elements that compose them.",
"version": 2,
"version": 2.1,
"refs": [
"https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-evolution-of-ransomware.pdf",
"https://docs.apwg.org/ecrimeresearch/2018/5357083.pdf",
@ -40,7 +40,7 @@
},
{
"value": "locker-ransomware",
"expanded": "Locker eansomware, also called computer locker, denies access to the computer or device "
"expanded": "Locker ransomware, also called computer locker, denies access to the computer or device "
},
{
"value": "crypto-ransomware",
@ -55,6 +55,18 @@
"value": "ransomnote",
"expanded": "A ransomnote is the message left by the attacker to threaten his victim and ask for ransom. It is usually seen as a text file or a picture set as background."
},
{
"value": "ransomware-appended-extension",
"expanded": "This is the extension added by the ransomware to the files."
},
{
"value": "ransomware-encrypted-extensions",
"expanded": "This is the list of extensions that will be encrypted by the ransomware. Beware to keep the order."
},
{
"value": "ransomware-excluded-extensions",
"expanded": "This is the list of extensions that will not be encrypted by the ransomware. Beware to keep the order."
},
{
"value": "dropper",
"expanded": "A dropper is a means of getting malware into a machine while bypassing the security checks by carring the malware inside of itself."