cuckoosandbox / community

Repository of modules and signatures contributed by the community

Add in FP negation & new sig to ransomware filemodifications #374

Closed kevross33 closed 6 years ago

kevross33 commented 6 years ago

Only ever really saw this FP of overwriting files on Office, and it is generally rare and more often seen in exploits like MD5 ae6b65ca7cbd4ca0ba86c6278c834547.

FP on exploit file:

image

kevross33 commented 6 years ago

Found sample doing mass file deletion; CryptoShield ransomware MD5 e4d7596676b884563d9af2eef3642b1f

image

jbremer commented 6 years ago

Merged, thanks! Checking hashes later.