Find Ransomware Files on X Drive
Log In or Register to download the BES file, and more.

0 Votes

Description

Find files with specified extension on X drive.

Property Details

ID24346
StatusProduction - Fully Tested and Ready for Production
TitleFind Ransomware Files on X Drive
DomainBESC
SourceInternal
Source Release Date5/4/2016 12:00:00 AM
Keywordswannacry ransomware
Is TaskTrue
Added by on 5/15/2017 7:56:58 PM
Last Modified by on 5/15/2017 7:56:58 PM
Counters 1100 Views / 0 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

isWindows (Relevance 274)
Used in 233 fixlets and 3 analyses   * Results in a true/false
Show indented relevance
name of operating system starts with "Win"
Used in 1 fixlet   * Results in a true/false
Show indented relevance
exists folder "x:\"

Actions

Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script
waithidden cmd /c if exist x:\ransomware_list.txt del x:\ransomware_list.txt /q /f
waithidden cmd /c dir x:\*.wn x:\*.wcry /a /s >x:\ransomware_list.txt
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!
cjwolford -
intended to be used with analysis that won't upload: if(exists file "x:\ransomware_list.txt") and (number of lines of file "x:\ransomware_list.txt" > 2) then ("RANSOMWARE DETECTED") else ("No File Found")