spender-sandbox / community-modified

Modified edition of cuckoo community modules

List of ransomware instruction files and extensions #203

Open jgajek opened 7 years ago

jgajek commented 7 years ago

This might perhaps be useful for making some of Cuckoo's ransomware signatures more comprehensive.

https://fsrm.experiant.ca/

kevross33 commented 7 years ago

Hi,

Do you know how frequently https://fsrm.experiant.ca/api/v1/get is updated with new indicators? It is possible, and would remove some of the manual work, if it is maintained, although it doesn't have the family name.

The generic filemodification signature does well against most malware (moving files, dropping encrypted files, etc.), but it could be useful if it is updated frequently and the intel could be picked up.

I was also really interested in this with Cuckoo but the authors haven't released anything yet although they said they were going to release a system.

https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_kharraz.pdf
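The matching kevross33 describes above, modelled as an added stand-alone example (this is not code from the thread, from spender-sandbox, or from Cuckoo's own signature modules). It assumes the fsrm.experiant.ca entries are FSRM-style file-screen globs such as `*.locky` or a ransom-note file name, and it uses constructed sample filters and constructed file-activity events in place of the real API output and a real Cuckoo behaviour report. It shows two things: how to apply the extension and instruction-file list to the paths a sample wrote or renamed, and a list-independent fallback (renames that change the extension) that still fires when a new extension has not yet reached the list.

```python
import fnmatch
import re
from collections import Counter

# Constructed sample of FSRM file-screen patterns (globs, as FSRM file screens use),
# standing in for entries from https://fsrm.experiant.ca/. Not the real list or API output.
SAMPLE_FSRM_FILTERS = [
    "*.locky",
    "*.zepto",
    "*.cerber3",
    "_HELP_instructions.html",
    "DECRYPT_INSTRUCTIONS.txt",
]

# Constructed file activity in the shape a Cuckoo behaviour summary might yield:
# ("written", path) for created/written files, ("moved", src, dst) for renames.
SAMPLE_EVENTS = [
    ("written", r"C:\Users\victim\Documents\budget.xlsx"),  # benign write
    ("moved", r"C:\Users\victim\Documents\budget.xlsx", r"C:\Users\victim\Documents\budget.xlsx.locky"),
    ("moved", r"C:\Users\victim\Pictures\cat.jpg", r"C:\Users\victim\Pictures\cat.jpg.locky"),
    ("moved", r"C:\Users\victim\Desktop\notes.txt", r"C:\Users\victim\Desktop\notes.txt.locky"),
    ("moved", r"C:\Users\victim\Desktop\old.txt", r"C:\Users\victim\Desktop\archive\old.txt"),  # benign move
    ("moved", r"C:\Users\victim\Music\song.mp3", r"C:\Users\victim\Music\song.mp3.zzz"),  # extension not in list
    ("written", r"C:\Users\victim\Desktop\_HELP_instructions.html"),
    ("written", r"C:\Users\victim\Documents\_HELP_instructions.html"),
]


def compile_filters(filters):
    """FSRM filters are shell-style globs matched against the file name, not the
    whole path; translate each one to a case-insensitive regex once."""
    return [(f, re.compile(fnmatch.translate(f), re.IGNORECASE)) for f in filters]


def file_name(path):
    """File name component of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def extension(name):
    """Lower-cased last extension, or '' when the name has none."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def touched_paths(events):
    """Every path the sample produced: written files plus rename destinations."""
    for ev in events:
        yield ev[-1]


def match_indicators(events, compiled):
    """(filter, path) for every produced path whose name matches a filter. Encrypted-file
    extensions and ransom-note names are both covered by the same list."""
    hits = []
    for path in touched_paths(events):
        name = file_name(path)
        for pattern, rx in compiled:
            if rx.match(name):
                hits.append((pattern, path))
    return hits


def extension_changing_moves(events):
    """List-independent heuristic: renames where the extension changed, as mass
    encryption does. Returns the count and a Counter of the new extensions, which
    is what you would review for an extension the list does not yet carry."""
    new_exts = Counter()
    for ev in events:
        if ev[0] != "moved":
            continue
        src, dst = file_name(ev[1]), file_name(ev[2])
        if extension(src) != extension(dst):
            new_exts[extension(dst)] += 1
    return sum(new_exts.values()), new_exts


def evaluate(events, filters, rename_threshold=3):
    """Combine the indicator list with the generic heuristic into one verdict."""
    hits = match_indicators(events, compile_filters(filters))
    renames, new_exts = extension_changing_moves(events)
    verdict = "ransomware" if hits or renames >= rename_threshold else "clean"
    return {
        "verdict": verdict,
        "indicator_hits": len(hits),
        "filters_fired": sorted({p for p, _ in hits}),
        "extension_changing_renames": renames,
        "new_extensions": dict(new_exts),
    }


if __name__ == "__main__":
    print(evaluate(SAMPLE_EVENTS, SAMPLE_FSRM_FILTERS))
```

In the sample data the `.zzz` rename is deliberately absent from the filter list: it contributes nothing to `indicator_hits` but still shows up in `new_extensions`, which is the signal a signature author would use to spot an extension worth submitting to the list, and the rename count alone crosses the threshold even if the list were empty.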

Nwinternights commented 7 years ago

Looking at https://fsrm.experiant.ca/, it seems that the list has been updated recently: "Last updated: April 30, 2017 @ 12:16PM (America/Edmonton)"

nexxai commented 6 years ago

Hi guys, I run the FSRM.experiant.ca site, and I happened to see this page as the referrer to the FSRM. While I see this request is almost a year old, I wanted to respond authoritatively to the original question of how often it's updated.

We have continually updated the site since its inception, as quickly as possible. We have multiple methods of finding new extensions, and as soon as we become aware of a new one, it's added to the site. As it's primarily just myself managing the site and I live in North America, they are usually added within an hour of detection (sometimes in as short as a few seconds) during waking hours (7AM-11PM), or immediately after waking up. This is because most submissions have to be manually checked for correctness, so I need to physically confirm them before making them public.

Hopefully that answers your questions, but if not, I'd be more than happy to discuss further.

Thanks! JS