attempt to detect KERANGER RANSOMWARE from Transmission - Mac
Versioning - This is the latest version.
1 | attempt to detect KERANGER RANSOMWARE from Transmission - Mac | 3/7/2016 12:30:54 PM |
2 | attempt to detect KERANGER RANSOMWARE from Transmission - Mac | 3/7/2016 12:53:39 PM |
3 | attempt to detect KERANGER RANSOMWARE from Transmission - Mac | 3/7/2016 1:42:38 PM |
Description
This analysis attempts to detect signs of the KERANGER RANSOMWARE that was installed along with Transmission v2.90.
Property Details
2995859
Alpha - Code that was just developed
attempt to detect KERANGER RANSOMWARE from Transmission - Mac
BESC
jgstew on 3/7/2016 1:42:38 PM
jgstew on 3/7/2016 1:42:38 PM
Properties
.kernel_time
Period: 1 hour
* Results in a true/false

files ".kernel_time" of folders "Library" of folders of folders "/Users"

.kernel_pid
Period: 1 hour
* Results in a true/false

files ".kernel_pid" of folders "Library" of folders of folders "/Users"

kernel_service
Period: 1 hour
* Results in a true/false

files "kernel_service" of folders "Library" of folders of folders "/Users"

transmission
Period: 1 hour
* Results in a true/false

applications whose(name of it as lowercase contains "transmission")

kernel_
Period: 1 hour
* Results in a true/false

files whose(name of it as lowercase contains "kernel_") of folders "Library" of folders of folders "/Users"

Exists downloaded copy of Transmission 2.90
Period: 1 hour
* Results in a true/false

exists files whose(name of it starts with "Transmission" AND name of it contains "2.90") of folders "Downloads" of folders of folders "/Users"

General.rtf
Period: 1 hour
* Results in a true/false

exists files whose(name of it contains "General.rtf") of folders "Transmission.app/Contents/Resources" of (folders "/Applications"; folders "/Volumes/Transmission")
Relevance

mac of operating system
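
A shell equivalent of the file-based properties above, for checking a Mac or a mounted disk image that has no BigFix client. This is an added example, not part of the original analysis: the function name `keranger_scan`, its root argument and the `KERANGER_HITS` variable are assumptions, while the paths and name patterns are the ones used in the properties.

```shell
#!/bin/sh
# keranger_scan ROOT
# Prints every indicator file found under ROOT, stores the count in
# KERANGER_HITS, and returns 0 if anything was found, 1 otherwise.
# ROOT is an assumption of this example: "/" for the running system, or
# the mount point of a disk image or backup being triaged.
keranger_scan() {
    root="${1%/}"
    hits=0

    # Properties .kernel_time, .kernel_pid, kernel_service and kernel_:
    # any file in a user's Library whose lowercased name contains "kernel_".
    for lib in "$root"/Users/*/Library; do
        [ -d "$lib" ] || continue
        for f in "$lib"/.[!.]* "$lib"/*; do
            [ -f "$f" ] || continue
            case "$(basename "$f" | tr '[:upper:]' '[:lower:]')" in
                *kernel_*) echo "library:  $f"; hits=$((hits + 1)) ;;
            esac
        done
    done

    # Property "Exists downloaded copy of Transmission 2.90".
    for f in "$root"/Users/*/Downloads/Transmission*2.90*; do
        [ -f "$f" ] || continue
        echo "download: $f"; hits=$((hits + 1))
    done

    # Property General.rtf: installed bundle and mounted disk image.
    for res in "$root/Applications/Transmission.app/Contents/Resources" \
               "$root/Volumes/Transmission/Transmission.app/Contents/Resources"; do
        for f in "$res"/*General.rtf*; do
            [ -f "$f" ] || continue
            echo "bundle:   $f"; hits=$((hits + 1))
        done
    done

    KERANGER_HITS=$hits
    [ "$hits" -gt 0 ]
}
```

On a live system call `keranger_scan /`. The `transmission` property (installed applications by name) is not covered, because it depends on how BigFix enumerates applications.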