Keranger 2

http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/:

Query

select * from file where
        path LIKE '/Users/%/Library/.kernel_%' OR
        path LIKE '/Users/%/Library/kernel_service';

Additional Query Info

  • Version: 1.4.5
  • Interval: 3600

JSON

{
  "queries": {
    "Keranger 2": {
      "query": "select * from file where path LIKE '/Users/%/Library/.kernel_%' OR path LIKE '/Users/%/Library/kernel_service';",
      "interval": "3600",
      "platform": "",
      "version": "1.4.5",
      "description": "http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/",
      "value": ""
    }
  }
}