Find Ransomware Files on Y Drive
Log In or Register to download the BES file, and more.

2 Votes

Description

Find files with specified extension on Y drive.

Property Details

ID24347
StatusProduction - Fully Tested and Ready for Production
TitleFind Ransomware Files on Y Drive
DomainBESC
SourceInternal
Source Release Date5/4/2016 12:00:00 AM
Keywordswannacry ransomware
Is TaskTrue
Added by on 5/15/2017 7:56:59 PM
Last Modified by on 5/15/2017 7:56:59 PM
Counters 1480 Views / 4 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

isWindows (Relevance 274)
Used in 226 fixlets and 3 analyses   * Results in a true/false
Show indented relevance
name of operating system starts with "Win"
Used in 1 fixlet   * Results in a true/false
Show indented relevance
exists folder "y:\"

Actions

Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script
waithidden cmd /c if exist y:\ransomware_list.txt del y:\ransomware_list.txt /q /f
waithidden cmd /c dir y:\*.wn y:\*.wcry /a /s >y:\ransomware_list.txt
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!
cjwolford -
intended to be used with analysis that won't upload: if(exists file "y:\ransomware_list.txt") and (number of lines of file "y:\ransomware_list.txt" > 2) then ("RANSOMWARE DETECTED") else ("No File Found")