Find Ransomware Files on C Drive
Log In or Register to download the BES file, and more.

0 Votes

Description

Find files with specified extension on C drive.

Property Details

ID24331
StatusProduction - Fully Tested and Ready for Production
TitleFind Ransomware Files on C Drive
DomainBESC
SourceInternal
Source Release Date5/4/2016 12:00:00 AM
Keywordswannacry ransomware
Is TaskTrue
Added by on 5/15/2017 7:56:42 PM
Last Modified by on 5/15/2017 7:56:42 PM
Counters 700 Views / 9 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

isWindows (Relevance 274)
Used in 229 fixlets and 3 analyses   * Results in a true/false
Show indented relevance
name of operating system starts with "Win"
Used in 4 fixlets   * Results in a true/false
Show indented relevance
exists folder "c:\"

Actions

Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script
waithidden cmd /c if exist c:\ransomware_list.txt del c:\ransomware_list.txt /q /f
waithidden cmd /c dir c:\*.wn c:\*.wcry /a /s >c:\ransomware_list.txt
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!
cjwolford -
intended to be used with analysis that won't upload: if(exists file "c:\ransomware_list.txt") and (number of lines of file "c:\ransomware_list.txt" > 2) then ("RANSOMWARE DETECTED") else ("No File Found")