chg: [ransomware] updated to the latest version

Author: adulau

clusters/ransomware.json

@@ -9397,6 +9397,10 @@
       "description": "Ransomware encrypts disk partitions PDFBewerbungsmappe.exe",
       "meta": {
         "encryption": "Modified Salsa20",
+        "links": [
+          "http://petya37h5tbhyvki.onion",
+          "http://petya5koahtsf7sv.onion"
+        ],
         "payment-method": "Bitcoin - Website (onion)",
         "ransomnotes-filenames": [
           "YOUR_FILES_ARE_ENCRYPTED.TXT"
@@ -9405,7 +9409,8 @@
           "http://www.thewindowsclub.com/petya-ransomware-decrypt-tool-password-generator",
           "https://www.youtube.com/watch?v=mSqxFjZq_z4",
           "https://blog.malwarebytes.org/threat-analysis/2016/04/petya-ransomware/",
-          "https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/"
+          "https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/",
+          "https://www.ransomlook.io/group/petya"
         ],
         "synonyms": [
           "Goldeneye"
@@ -11001,6 +11006,9 @@
           ".xort",
           ".trun"
         ],
+        "links": [
+          "http://restoredz4xpmuqr.onion"
+        ],
         "payment-method": "Bitcoin",
         "price": "0.438",
         "ransomnotes-filenames": [
@@ -11010,7 +11018,8 @@
           "<random>.hta | VAULT.hta"
         ],
         "refs": [
-          "http://www.nyxbone.com/malware/russianRansom.html"
+          "http://www.nyxbone.com/malware/russianRansom.html",
+          "https://www.ransomlook.io/group/vaultcrypt"
         ],
         "synonyms": [
           "CrypVault",
@@ -14744,7 +14753,8 @@
           "http://npkoxkuygikbkpuf5yxte66um727wmdo2jtpg2djhb2e224i4r25v7ad.onion",
           "http://6v4q5w7di74grj2vtmikzgx2tnq5eagyg2cubpcnqrvvee2ijpmprzqd.onion/remote0/",
           "http://l4rdimrqyonulqjttebry4t6wuzgjv5m62rnpjho3q22a6maf6d5evyd.onion/",
-          "http://frgp3f3u2ddafv4ny7tqn6tc674m6fyymyywoaxot7xskbjmiyhhsyqd.onion/"
+          "http://frgp3f3u2ddafv4ny7tqn6tc674m6fyymyywoaxot7xskbjmiyhhsyqd.onion/",
+          "http://htmxyptur5wfjrd7uvg23snupub2pbtlfelk45n37b3augl2w4eearid.onion/remote0/"
         ],
         "ransomnotes-filenames": [
           "ClopReadMe.txt",
@@ -25422,6 +25432,12 @@
     },
     {
       "description": "ransomware",
+      "meta": {
+        "links": [],
+        "refs": [
+          "https://www.ransomlook.io/group/zeppelin"
+        ]
+      },
       "uuid": "bc62429c-1bf7-42c0-997d-d8c2f80355de",
       "value": "Zeppelin"
     },
@@ -27681,7 +27697,9 @@
           "http://databasebb3.top/",
           "http://l6zxfn3u2s4bl4vt3nvpve6uibqn3he3tgwdpkeeplhwlfwy3ifbt5id.onion/",
           "http://onlylegalstuff6.top/",
-          "https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/"
+          "https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/",
+          "http://bpeln2aqs66qqfuex2cvcyjiy5ggcwbyh5nbmxzxt6daamkmpmufv4qd.onion/",
+          "http://ond5arqab77n6tykvi4aqp7oqegqdfgqfyf7fzyhfyhmbp7iafpzdtad.onion/"
         ],
         "ransomnotes": [
           "Your data are stolen and encrypted\nThe data will be published on TOR website if you do not pay the ransom\nYou can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first https://torproject.org) https://aazsbsgya565y1u2c6Lay6yfiebkcbtvvcytyolt33s77xypi7nypxyd.onion/ \n\nYour company id for log in: [REDACTED]"
@@ -29609,7 +29627,8 @@
           "http://myosbja7hixkkjqihsjh6yvmqplz62gr3r4isctjjtu2vm5jg6hsv2ad.onion/chat",
           "http://qkbbaxiuqqcqb5nox4np4qjcniy2q6m7yeluvj7n5i5dn7pgpcwxwfid.onion",
           "http://monti5o7lvyrpyk26lqofnfvajtyqruwatlfaazgm3zskt3xiktudwid.onion",
-          "http://il6jcce6f5htppc3smu4olpt5pz3akdg5h7k7tb4n45jixxu2o2oxlid.onion/"
+          "http://il6jcce6f5htppc3smu4olpt5pz3akdg5h7k7tb4n45jixxu2o2oxlid.onion/",
+          "http://cls2wzky5vxgu54fg4fqdj4q4olyvmwt6rinmtgqsq5d3vubv7bdzgqd.onion/"
         ],
         "refs": [
           "https://www.ransomlook.io/group/monti"
@@ -29863,7 +29882,9 @@
           "ftp://dataShare:[email protected]",
           "https://31.41.244.100/",
           "http://ijzn3sicrcy7quixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvad.onion",
-          "http://kbsqoiyihadmwczmxkbovk7ss2dcynitwhhfu5yw725dbogo5kthfaad.onion"
+          "http://kbsqoiyihadmwczmxkbovk7ss2dcynitwhhfu5yw725dbogo5kthfaad.onion",
+          "http://ftp://dataShare:[email protected]",
+          "http://ftp://dataShare:[email protected]"
         ],
         "refs": [
           "https://www.ransomlook.io/group/qilin"
@@ -30040,7 +30061,8 @@
           "http://zv7u2tclxajbgae6ba4jkisnkfkts3lk7lxlypmuqktrk42qmo2c7hqd.onion/",
           "http://secxrosqawaefsio3biv2dmi2c5yunf3t7ilwf54czq3v4bi7w6mbfad.onion/",
           "http://cqwdv5rxut5l3blbeg74ddfo6ya65xsxqan7vawffdng6ynd2kulfkqd.onion/",
-          "http://nlqnxzqixcwazwyib4bft2m6ikjrtihh4qgdtnmpmbi3meio5jj2xsad.onion/"
+          "http://nlqnxzqixcwazwyib4bft2m6ikjrtihh4qgdtnmpmbi3meio5jj2xsad.onion/",
+          "http://naurcsrhvsnxotv5awcsmddlcwgv447fvolmkyo6gfgszvtofijd6oid.onion/"
         ],
         "refs": [
           "https://www.ransomlook.io/group/ransomhouse"
@@ -31191,7 +31213,8 @@
           "http://d2wqt4kek62s35hjeankc75nis4zn4e5i6zdtmfkyeevr7fygpf2iiid.onion",
           "http://sclj2rax5ljisew3v4msecylzo7iieqw25kcl7io4szei4qcujxixaid.onion",
           "http://xyy2fymbdytltylyuicasuvw7vw3gtgm3cvvjskh4jnzfg3gp7dqgnqd.onion",
-          "http://heac3upmfv33scnkeek64dqdx2cblv7z256aezluyvgtwsxi2o3coiid.onion/"
+          "http://heac3upmfv33scnkeek64dqdx2cblv7z256aezluyvgtwsxi2o3coiid.onion/",
+          "http://uss2a5zyeth7sop57zhgqcyafmnbkmoknps3i7anusze77zppp4bf5yd.onion/"
         ],
         "refs": [
           "https://www.ransomlook.io/group/cloak"
@@ -32072,6 +32095,7 @@
       "value": "c3rb3r"
     },
     {
+      "description": "",
       "meta": {
         "links": [
           "http://6n5tfadusp4sarzuxntz34q4ohspiaya2mc6aw6uhlusfqfsdomavyyd.onion",
@@ -32170,7 +32194,8 @@
           "http://medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd.onion",
           "http://s7lmmhlt3iwnwirxvgjidl6omcblvw2rg75txjfduy73kx5brlmiulad.onion",
           "http://medusakxxtp3uo7vusntvubnytaph4d3amxivbgg13hnhpk2nmus34yd.onion/227098164ef1fdb119ef537986bbdf24",
-          "http://hm2hlugduzuxiya5bgrsewfxmrzxbmslvg3t42zdzsorcn2nyfbrh6qd.onion/"
+          "http://hm2hlugduzuxiya5bgrsewfxmrzxbmslvg3t42zdzsorcn2nyfbrh6qd.onion/",
+          "http://7aqabivkwmpvjkyefonf3gpy5gsubopqni7kcirsrq3pflckxq5zz4id.onion/"
         ],
         "ransomnotes-filenames": [
           "!!!READ_ME_MEDUSA!!!.txt"
@@ -32757,7 +32782,28 @@
           "http://brclvwefzszko5xrlan7pebyliqdkv5cw75xksrxp772urjytkko5fyd.onion",
           "http://rmr2kgq6vzifnyoaz7jaxdx5t6gsxurbakah5bafatsqldtt2mwneyid.onion",
           "http://xdg53hbpwshgtbfbm6m7nv3ckkduo3dfdwdearcsvybfb3qaf4v7suyd.onion",
-          "http://toq7bk6abkr6lapwj3k22ffu4ud5jpox7jbfgzetpz7lxb427katstid.onion"
+          "http://toq7bk6abkr6lapwj3k22ffu4ud5jpox7jbfgzetpz7lxb427katstid.onion",
+          "http://tjnt7x2xodhthwrfnabhloogoo66jrgohgzpta22uwbqznsvrm5tu4id.onion/",
+          "http://fvixrjsdk2adazfnz4mrdvr4eznm346fk33y7nos65bdrtmfvw7f5vid.onion/",
+          "http://vhxbjx4iaeqgna22kqt5ajlqi72vbm6qcjev3efgr5oiklgptvjvjhqd.onion/",
+          "http://yszafmehxkoa7hrcay7cnyogfrmjqc4grds6innadspii5oz6fneyzyd.onion/",
+          "http://i4xita2momkw2jitqohbqgomjxqp53pyvgv5gbogvendbx3ucnynekyd.onion/",
+          "http://3ysbtsnhldlijvfdv7hwkr2gl3op2d56puspeo4whs6p272sde6fq5id.onion/",
+          "http://bd3atkmicmcif6mliquqdxltjq6mxvagw44gealayp34awtcx3ywlxid.onion/",
+          "http://biurt7anlhkncf2t3dvvtlszpnnyg3oiksyapcikxostz6zfrh4csvid.onion/",
+          "http://bzfp6qfir7bfqjxnpgofwvfzoyca7kmcsfliot5zzfsas6oofwo7zoad.onion/",
+          "http://fmcrlb2t524cpiiqiudbvdjmgvaczix2o5y5uc3zvi57niiyl467qgyd.onion/",
+          "http://gsqxzyynjegp73imth5p3ug4etgbehd3pb72e4zmiro4st3s2nlkmgyd.onion/",
+          "http://hjs27fuzq4j4gzshhbakt274eewxv2qdwmeugjx5eepwoaecczdkiiyd.onion/",
+          "http://i2agsvbyoy3viwel7ucjqtzcq3ocsj3jqqew5wlwpxty6uxd455qkoqd.onion/",
+          "http://kfvsqtlnfa5iiweywpubtqk4c2omc2vu4hvy26mhanaahtvpifzuxlid.onion/",
+          "http://l5hzzorh57w4wp5va4ouye77x5f2apqd6rvvh3tb2a7vcenn6c5a2fad.onion/",
+          "http://ljxmkfr6kl3ovwgkxycdrvvdf6tk7qdhgowcjkpsiocg7j5uuhmszyyd.onion/",
+          "http://red46f427ed4ogc76gscsqrytpdh4gy5reh2g6dzjpbm24k3ns2t27qd.onion/",
+          "http://xznhtihjpaz3rwcgwqrv3jipbbivlg5ttsdqoet55xe5a3nbxi47jwqd.onion/",
+          "http://y2hkrrb7aba2pgyvpfzqj3vlhbw7e2wj2t2wvtlmkr54yqz7p5ghnfid.onion/",
+          "http://yvst24dvz66unqqes6se3p3flxyzbtohaz6faknu5ne3zzeq2jumpiid.onion",
+          "http://sres5y2sze7lqkk5s4ahns5lhvc7nr5hqy5lchbxcvhaty2hnivdacqd.onion"
         ],
         "refs": [
           "https://www.ransomlook.io/group/ransomhub"
@@ -33728,7 +33774,9 @@
           "http://4q5tsu5o3msmv4am4dfhupwhzlyg7wv3lpswbvbhcrknr4ega7xetxad.onion/",
           "http://z2b75lk7xf6kme3zfvlmdmpwiaansnkcuhsojd23dgub5md24fhogcyd.onion/",
           "http://7lxwbzlkpjyuahuvngwwkc4mycj2a4flh45ksqjo2ezfdbkmxmlxikad.onion/",
-          "http://7watkqnnuwxvlpgy5gaosgqy67nve3jgpy37xobqngmswz3vuvde56yd.onion/"
+          "http://7watkqnnuwxvlpgy5gaosgqy67nve3jgpy37xobqngmswz3vuvde56yd.onion/",
+          "http://5dw7bszmidrhpoltqbqmpixpz6mvgez3mr6xc7ktval2glrmbxkwopad.onion/",
+          "http://a3kvb22nuhfgaluy6uzufrjn3azzsu7tylszdbyne3kiextdmxz4nnyd.onion"
         ],
         "refs": [
           "https://www.ransomlook.io/group/embargo"
@@ -33903,7 +33951,10 @@
           "http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion/",
           "http://vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion/",
           "http://cuuhrxbg52c5agytmtjpwfu7mrs4xtaitc4mukkiy2kqdxeqbcmuhaid.onion/",
-          "http://p6wmotxzvg34tdmpwm4beqgrcyp5iys43snkccsahnw74la3k3xx6pad.onion"
+          "http://p6wmotxzvg34tdmpwm4beqgrcyp5iys43snkccsahnw74la3k3xx6pad.onion",
+          "http://brain4zoadgr6clxecixffvxjsw43cflyprnpfeak72nfh664kqqriyd.onion/",
+          "http://4ldgw2wuidqu5ef3rzx4byonf3y7rdnh43jiw2z4sbtjiwic6gkov7yd.onion/c/lgc2Yxua65agt4XMOMkQKJjsdrV2IzYk",
+          "http://4ldgw2wuidqu5ef3rzx4byonf3y7rdnh43jiw2z4sbtjiwic6gkov7yd.onion/"
         ],
         "ransomnotes-filenames": [
           "added_extension.README.txt",
@@ -34318,6 +34369,7 @@
       "value": "orca"
     },
     {
+      "description": "",
       "meta": {
         "links": [
           "http://hackerosyolorz77y7vwj57zobwdeuzydhctz3kuuzr52ylzayvxuqyd.onion"
@@ -34363,7 +34415,8 @@
           "http://bf7dw4n6zne6rbgjlpcsidphpk753nkyubipkym5t4pntgfyb6clw2qd.onion/login",
           "http://nxarphaf35qp2uuosaq54m3a2s5kt4svpcv56mvz6r7xy6na7uo5ypyd.onion/",
           "http://bxi2cepk57dy3uhgwqd6dri6jtuqe7btay225rn6xkvvgnp2cvjvowqd.onion/",
-          "http://2idvzxbwvzbxhuniw7kfaimcvtqazmn7nmuw7codg65cshwwsvnpz7id.onion/"
+          "http://2idvzxbwvzbxhuniw7kfaimcvtqazmn7nmuw7codg65cshwwsvnpz7id.onion/",
+          "http://xqsdbtrtmufdyiqnkrkvosec4gqappf2egcptzqppjtqdevsoadakyqd.onion"
         ],
         "refs": [
           "https://www.ransomlook.io/group/nitrogen"
@@ -34473,7 +34526,9 @@
           "http://zmdmlidqqrxbkyqkqttbsbticjbofjs5uzwecqvdxfadvsjw7mp5kjyd.onion",
           "http://tyrvuuh5tvrvk4x6lfxrvgabqmzpnxehelmdqztu3vekujcknvl2ufad.onion/",
           "http://k5pmfzuqwxr2uhnskktjicbnzr633zejupe54yginljj3mgoysfwe4id.onion/",
-          "http://65bhkrfbqnfjgcsr7456luzjauw5nikuwxradlysivy5wbttjikdhxid.onion/"
+          "http://65bhkrfbqnfjgcsr7456luzjauw5nikuwxradlysivy5wbttjikdhxid.onion/",
+          "http://k6oor2g5bfvdxhxr2g6fczu3iqldbzyavydk56lh6z7ex7n7wqg4eryd.onion/",
+          "http://tpwgxrocjvlonhrfjm4jx3dore2u4brxfj4ikt7iba36c23svthhf7ad.onion/"
         ],
         "refs": [
           "https://www.ransomlook.io/group/interlock"
@@ -34502,7 +34557,8 @@
           "http://hellcakbszllztlyqbjzwcbdhfrodx55wq77kmftp4bhnhsnn5r3odad.onion",
           "http://r7i4vprxr2vznmhnnxj36264ofwx6extopdz535f5v357nqacifymbad.onion/",
           "http://hellcat.rw",
-          "http://hcatxn4ppkgmakaatrq6bsbhqk5ouhviygyx57gljjt5iseul5nvpayd.onion"
+          "http://hcatxn4ppkgmakaatrq6bsbhqk5ouhviygyx57gljjt5iseul5nvpayd.onion",
+          "http://hellcakbszllztlyqbjzwcbdhfrodx55wq77kmftp4bhnhsnn5r3odad.onion/api2.php?action=victims"
         ],
         "refs": [
           "https://www.ransomlook.io/group/hellcat"
@@ -35691,7 +35747,10 @@
       "description": "Kraken leak blog (hellokitty)",
       "meta": {
         "links": [
-          "http://krakenccj3wr23452a4ibkbkuph4d6soyx2xgjoogtuamc3m7u7wemad.onion/"
+          "http://krakenccj3wr23452a4ibkbkuph4d6soyx2xgjoogtuamc3m7u7wemad.onion/",
+          "http://zq3k4odlfpbzc5y4sxqgolivelxepceaakru3xqo4ll2czmvvtek2ryd.onion/",
+          "http://t3uouzfvsaqurb2rzoe2mkpetp54d7lgtl45ply34v5lugsnzysmkhid.onion/",
+          "http://xbupelqsy7lubogl6kdtdqguxoleehbxnuuqm2dos6bbmdwablpqckad.onion/"
         ],
         "refs": [
           "https://www.ransomlook.io/group/kraken"
@@ -36482,6 +36541,7 @@
       "value": "late.lol"
     },
     {
+      "description": "",
       "meta": {
         "links": [
           "http://fdevb3qh24ak7wujqsf7co4z6fstm5qxvnkkgs62fayztjfjjtqqgsad.onion/"
@@ -36505,7 +36565,120 @@
       },
       "uuid": "a88c7ffe-a9e1-5961-bbfa-22725789fd86",
       "value": "tooda"
+    },
+    {
+      "description": "",
+      "meta": {
+        "links": [
+          "http://fonektibq4fbgergrorw43yawhz3qslkonrwc74j2h2kftcidmf6g6id.onion/"
+        ],
+        "refs": [
+          "https://www.ransomlook.io/group/robbing hood"
+        ]
+      },
+      "uuid": "0c442cbf-7466-5847-b1fa-58f9acc24aa2",
+      "value": "robbing hood"
+    },
+    {
+      "description": "",
+      "meta": {
+        "links": [
+          "http://afiocd14efgh5hu8ijkl9012m.onion"
+        ],
+        "refs": [
+          "https://www.ransomlook.io/group/darkhav0c"
+        ]
+      },
+      "uuid": "8141f0e6-4914-54a6-a01e-b4ee77836954",
+      "value": "darkhav0c"
+    },
+    {
+      "description": "",
+      "meta": {
+        "links": [
+          "http://rnsmwareartse3m4hjsumjf222pnka6gad26cqxqmbjvevhbnym5p6ad.onion/",
+          "http://nidzkoszg57upoq7wcalm2xxeh4i6uumh36axsnqnj3i7lep5uhkehyd.onion/",
+          "http://oow7rehrxlzpy6vh3hezl2khstkpa6s7wx3iit74tr6xbjibupld5iad.onion/"
+        ],
+        "refs": [
+          "https://www.ransomlook.io/group/run some wares"
+        ]
+      },
+      "uuid": "f4f89742-15c5-5b77-8669-06c2a1eaacd5",
+      "value": "run some wares"
+    },
+    {
+      "description": "",
+      "meta": {
+        "links": [
+          "http://iywqjjaf2zioehzzauys3sktbcdmuzm2fsjkqsblnm7dt6axjfpoxwid.onion/",
+          "http://xs4psqhvekjle3qwyiav7dzccuo4ylw2eylvd3peuqrld74kzzjzhcyd.onion/"
+        ],
+        "refs": [
+          "https://www.ransomlook.io/group/linkc"
+        ]
+      },
+      "uuid": "39d97d49-fe9d-5af3-95f4-b9f3fdf8e60a",
+      "value": "linkc"
+    },
+    {
+      "meta": {
+        "links": [],
+        "refs": [
+          "https://www.ransomlook.io/group/encrypthub"
+        ]
+      },
+      "uuid": "5d268413-4eee-5d8c-b8b3-63eee4ce4531",
+      "value": "encrypthub"
+    },
+    {
+      "description": "aka Cring / Ghost (Cring)\r<br/>\r<br/>Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware. This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.\r<br/>\r<br/>Ghost actors rotate their ransomware executable payloads, switch file extensions for encrypted files, modify ransom note text, and use numerous ransom email addresses, which has led to variable attribution of this group over time. Names associated with this group include Ghost, Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada, and Rapture. Samples of ransomware files Ghost used during attacks are: Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe.\r<br/>\r<br/>https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-050a",
+      "meta": {
+        "links": [],
+        "refs": [
+          "https://www.ransomlook.io/group/ghost"
+        ]
+      },
+      "uuid": "ef9769e4-067c-5e45-b80f-36f6d5a52a82",
+      "value": "ghost"
+    },
+    {
+      "description": "",
+      "meta": {
+        "links": [
+          "http://oxthiefsvzp3qifmkrpwcllwscyu7jvmdxmd2coz2rxpem6ohut6x5qd.onion/"
+        ],
+        "refs": [
+          "https://www.ransomlook.io/group/ox thief"
+        ]
+      },
+      "uuid": "2a4b653c-f94a-5d41-b33e-b7380d07db66",
+      "value": "ox thief"
+    },
+    {
+      "description": "Mimic v.10 Ransomware-as-a-Service (RaaS). The malware is designed to target various operating systems (Windows, ESXi, NAS, FreeBSD) and features network-wide deployment, file obfuscation, backup destruction, UAC bypass, and multithreaded encryption. The service offers additional tools like NTLM password decryption and call-based extortion. They prohibit attacks on CIS countries and require active participation, with decryption tools available for a fee currently 800USD.",
+      "meta": {
+        "links": [],
+        "refs": [
+          "https://www.ransomlook.io/group/mimic-guram"
+        ]
+      },
+      "uuid": "65cba1a3-f165-5ff6-96c0-fe15981b92eb",
+      "value": "mimic-guram"
+    },
+    {
+      "description": "",
+      "meta": {
+        "links": [
+          "http://om6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion/"
+        ],
+        "refs": [
+          "https://www.ransomlook.io/group/anubis"
+        ]
+      },
+      "uuid": "99b9665b-4d05-513e-a01d-7790da1f52ee",
+      "value": "anubis"
     }
   ],
-  "version": 145
+  "version": 146
 }