add ransomwares #294

Merged
merged 1 commit into from
Oct 31, 2018
38 changes: 37 additions & 1 deletion clusters/ransomware.json
Expand Up @@ -11107,7 +11107,43 @@
},
"uuid": "76bfb132-cc70-11e8-8623-bb3f209be6c9",
"value": "SAVEfiles"
},
{
"description": "The File-Locker Ransomware is a Hidden Tear variant that is targeting victims in Korea. When victim's are infected it will leave a ransom requesting 50,000 Won, or approximately 50 USD, to get the files back. This ransomware uses AES encryption with a static password of \"dnwls07193147\", so it is easily decryptable.",
"meta": {
"extensions": [
".locked"
],
"ransomnotes": [
"Warning!!!!!!.txt",
"https://www.bleepstatic.com/images/news/ransomware/f/file-locker/ransom-note%20-%20Copy.jpg",
"한국어: 경고!!! 모든 문서, 사진, 데이테베이스 및 기타 중요한 파일이 암호화되었습니다!!\n당신은 돈을 지불해야 합니다\n비트코인 5만원을 fasfry2323@naver.com로 보내십시오 비트코인 지불코드: 1F1tAaz5x1HUXrCNLbtMDqcw6o5GNn4xqX 결제 사이트 http://www.localbitcoins.com/ \nEnglish: Warning!!! All your documents, photos, databases and other important personal files were encrypted!!\nYou have to pay for it.\nSend fifty thousand won to fasfry2323@naver.com Bitcoin payment code: 1BoatSLRHtKNngkdXEeobR76b53LETtpyT Payment site http://www.localbitcoins.com/"
],
"refs": [
"https://www.bleepingcomputer.com/news/security/file-locker-ransomware-targets-korean-victims-and-asks-for-50k-won/"
]
},
"uuid": "c06a1938-dcee-11e8-bc74-474b0080f0e5",
"value": "File-Locker"
},
{
"description": "A new ransomware called CommonRansom was discovered that has a very bizarre request. In order to decrypt a computer after a payment is made, they require the victim to open up Remote Desktop Services on the affected computer and send them admin credentials in order to decrypt the victim's files.",
"meta": {
"extensions": [
".[old@nuke.africa].CommonRansom"
],
"ransomnotes": [
"DECRYPTING.txt",
"https://www.bleepstatic.com/images/news/ransomware/c/CommonRansom/ransom-note.jpg",
"+-----------------------+\n¦----+CommonRansom+-----¦\n+-----------------------+\nHello dear friend,\nYour files were encrypted!\nYou have only 12 hours to decrypt it\nIn case of no answer our team will delete your decryption password\nWrite back to our e-mail: old@nuke.africa\n\n\nIn your message you have to write:\n1. This ID-[VICTIM_ID]\n2. [IP_ADDRESS]:PORT(rdp) of infected machine\n3. Username:Password with admin rights\n4. Time when you have paid 0.1 btc to this bitcoin wallet:\n35M1ZJhTaTi4iduUfZeNA75iByjoQ9ibgF\n\n\nAfter payment our team will decrypt your files immediatly\n\n\nFree decryption as guarantee:\n1. File must be less than 10MB\n2. Only .txt or .lnk files, no databases\n3. Only 5 files\n\n\nHow to obtain bitcoin:\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\nhttps://localbitcoins.com/buy_bitcoins\nAlso you can find other places to buy Bitcoins and beginners guide here:\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/"
],
"refs": [
"https://www.bleepingcomputer.com/news/security/commonransom-ransomware-demands-rdp-access-to-decrypt-files/"
]
},
"uuid": "c0dffb94-dcee-11e8-81b9-3791d1c6638f",
"value": "CommonRansom"
}
],
"version": 39
"version": 40
}
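Review bot: The File-Locker "description" has two wording slips: "When victim's are infected it will leave a ransom requesting" should read "When victims are infected it will leave a ransom note requesting". In the same entry, the Korean and English halves of the note text carry different Bitcoin addresses (1F1tAaz5x1HUXrCNLbtMDqcw6o5GNn4xqX and 1BoatSLRHtKNngkdXEeobR76b53LETtpyT); please confirm against the referenced article that the note really reads this way and that it is not a transcription mix-up, because anyone pivoting on these values needs them exact. In both new entries the "ransomnotes" array mixes three kinds of value (a dropped file name, an image URL and the full note text), so a consumer cannot match on the file name without guessing which element it is; keeping each kind of value distinguishable, or at least in a documented order, would make the entries easier to use for detection.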