Merge pull request ctxis#163 from kevross33/patch-92

Add in ransomware extensions
enzok · Oct 3, 2019 · aff5955 · aff5955
2 parents da3cd3c + 32313f5
commit aff5955
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/modules/signatures/ransomware_fileextensions.py b/modules/signatures/ransomware_fileextensions.py
@@ -84,6 +84,14 @@ def run(self):
             (".*\.serpent$", ["Serpent"]),
             (".*\.REVENGE$", ["Revenge"]),
             (".*\.RYK$", ["Ryuk"]),
+            (".*\.FTCODE$", ["FTCode"]),
+            (".*\.Lazarus$", ["Ouroboros"]),
+            (".*\.Lazarus+$", ["Ouroboros"]),
+            (".*\.KRONOS$", ["Ouroboros"]),
+            (".*\.Yatron$", ["Yatron"]),
+            (".*\.HCY$", ["HildaCrypt"]),
+            (".*\.guarded$", ["GarrantyDecrypt"]),
+            (".*\.lilocked$", ["Lilocked"]),
         ]
 
         for indicator in indicators: