OSX Keranger detection fix

2024-11-07 01:55:20 +00:00 · 2016-03-07 09:25:32 -08:00 · 2016-03-07 09:25:32 -08:00 · 7c18ce9bb0
commit 7c18ce9bb0
parent 677c448dea
1 changed files with 1 additions and 1 deletions
--- a/packs/osx-attacks.conf
+++ b/packs/osx-attacks.conf
@ -202,7 +202,7 @@
      "value": "Artifact used by this malware"
    },
    "Keranger_2": {
-      "query": "select * from file where path like '/Users/%/Library/.kernel_%' or path like '/Users/%/Library/kernel_service';",
+      "query": "select * from file where path like '/Users/%/Library/.kernel_%' union select * from file where path like '/Users/%/Library/kernel_service';",
      "interval": "86400",
      "description": "http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/",
      "value": "Artifact used by this malware"