Analysis | attempt to detect KERANGER RANSOMWARE from Transmission - Mac

attempt to detect KERANGER RANSOMWARE from Transmission - Mac
Log In or Register to download the BES file, and more.

1 Votes

Versioning - This is the latest version.

1	attempt to detect KERANGER RANSOMWARE from Transmission - Mac	3/7/2016 12:30:54 PM
2	attempt to detect KERANGER RANSOMWARE from Transmission - Mac	3/7/2016 12:53:39 PM
3	attempt to detect KERANGER RANSOMWARE from Transmission - Mac	3/7/2016 1:42:38 PM

Description

This analysis attempts to detect signs of the KERANGER RANSOMWARE that was installed along with Transmission v2.90

Related:

Property Details

ID	2995859
Status	Alpha - Code that was just developed
Title	attempt to detect KERANGER RANSOMWARE from Transmission - Mac
Domain	BESC
Added by	jgstew on 3/7/2016 1:42:38 PM
Last Modified by	jgstew on 3/7/2016 1:42:38 PM
Counters	3496 Views / 50 Downloads
User Rating	* Average over 1 rating. ** Log In or Register to add your rating.

Properties

.kernel_time

Period 1 hour

* Results in a true/false

files ".kernel_time" of folders "Library" of folders of folders "/Users"

.kernel_pid

Period 1 hour

* Results in a true/false

files ".kernel_pid" of folders "Library" of folders of folders "/Users"

kernel_service

Period 1 hour

* Results in a true/false

files "kernel_service" of folders "Library" of folders of folders "/Users"

transmission

Period 1 hour

* Results in a true/false

applications whose(name of it as lowercase contains "transmission")

kernel_

Period 1 hour

* Results in a true/false

files whose(name of it as lowercase contains "kernel_") of folders "Library" of folders of folders "/Users"

Exists downloaded copy of Transmission 2.90

Period 1 hour

* Results in a true/false

exists files whose(name of it starts with "Transmission" AND name of it contains "2.90") of folders "Downloads" of folders of folders "/Users"

General.rtf

Period 1 hour

* Results in a true/false

exists files whose(name of it contains "General.rtf") of folders "Transmission.app/Contents/Resources" of (folders "/Applications"; folders "/Volumes/Transmission")

Relevance

Relevance 2996963

Used in 207 fixlets and 97 analyses

* Results in a true/false

mac of operating system

Sharing

Social Media:

Search for:	Relevance	Fixlets/Tasks
	Analyses	BFI Signatures
	Dashboard/Wizard

Title	Keywords	Description
Relevance	Domain	ActionScript
Mime	Signature Content	(clear all)


Content Search Share Learn Projects	Utilities View SCM Scripts Base64 Converter Shell to Action Script	About About Us Tour FAQ Terms Contact Us	IBM-BigFix Resources Download BigFix Product Documentation Support Forum Github/Bigfix Endpoint Management Community ISML

attempt to detect KERANGER RANSOMWARE from Transmission - Mac Log In or Register to download the BES file, and more.

Versioning - This is the latest version.

Description

Property Details

Properties

Relevance

Sharing

Comments

Content

Utilities

About

IBM-BigFix Resources

attempt to detect KERANGER RANSOMWARE from Transmission - Mac
Log In or Register to download the BES file, and more.