cuckoosandbox / community

Repository of modules and signatures contributed by the community

Change deletes self sig name to deletes executed #333

Closed kevross33 closed 6 years ago

kevross33 commented 7 years ago

I have changed this sig name to detect deletion of any executed files from disk, which could highlight stealth cleanup. Deleting the original EXE is extremely malicious and could be another sig, but the sig did not match the original process accurately, and in its current form that is being used it is not just the original file but any executed file being deleted, hence the name change.

kevross33 commented 6 years ago

Closing as duplicated now

jbremer commented 6 years ago

Merged, thanks!