# fscanary.conf.sample: global settings. These keys appear before any
# [section] header; each [section] further down defines one watch.
# email address to send notifications to
# NOTE(review): the value shown looks like a placeholder left by the hosting
# page's e-mail obfuscation; set a real, monitored mailbox before use.
email = [email protected]
# smtp server to use for delivery of emails
# NOTE(review): this sample shows no TLS or authentication setting for the
# relay. Confirm how alert mail is protected in transit, since alerts may
# contain file paths from the watched tree.
smtp_server = smarthost.example.com
# logging level; 0 to 9. Higher number = Higher verbosity.
# 1 is good for general operation.
# 5 for debugging.
# 9 is a fire hose of debug info.
logging = 1
# a watch for executable files. notifies the above email address
# NOTE(review): path = / covers the whole filesystem, so ordinary system files
# with these extensions (for example *.bin, *.out, *.run) will probably raise
# alerts too. Narrow the path to the tree being protected if volume is high.
[executables]
enabled = yes
path = /
notify = yes
# Quarantine is left commented out in this sample.
# NOTE(review): the example destination is under /tmp, which is normally
# world-writable. If quarantine is enabled, prefer a dedicated directory with
# restrictive permissions; confirm how the tool moves matched files.
#quarantine = no
#dest = /tmp/qtine
# One file-name pattern per "pattern" line. The key is repeated, so this relies
# on the consuming parser collecting every occurrence (presumably it does;
# TODO confirm, a last-wins parser would keep only the final entry).
# NOTE(review): case sensitivity of the match is not shown here; if matching is
# case-sensitive, upper-case variants such as .EXE would not match.
pattern = *.apk
pattern = *.app
pattern = *.bat
pattern = *.bin
pattern = *.cmd
pattern = *.com
pattern = *.cpl
pattern = *.csh
pattern = *.exe
# NOTE(review): *.inf1 may be a typo for *.inf; confirm before relying on it.
pattern = *.inf1
pattern = *.ins
pattern = *.inx
pattern = *.ipa
pattern = *.isu
pattern = *.job
pattern = *.jse
pattern = *.ksh
pattern = *.lnk
pattern = *.msc
pattern = *.msi
pattern = *.msp
pattern = *.mst
pattern = *.osx
pattern = *.out
pattern = *.paf
pattern = *.pif
pattern = *.prg
pattern = *.ps1
pattern = *.reg
pattern = *.rgs
pattern = *.run
pattern = *.sct
pattern = *.shb
pattern = *.shs
pattern = *.u3p
pattern = *.vb
pattern = *.vbe
pattern = *.vbs
pattern = *.vbscript
pattern = *.ws
pattern = *.wsf
# an attempt at early detection of a cryptolocker infection
# source: https://www.reddit.com/r/sysadmin/comments/46361k/list_of_ransomware_extensions_and_known_ransom/
# for a full list see: https://fsrm.experiant.ca/
# This watch is disabled in the sample (enabled = no) and must be switched on
# explicitly. The list is a fixed snapshot of known extensions and ransom-note
# names, so it only catches families that use these names; treat a hit as an
# early warning, not as complete coverage.
# NOTE(review): several entries are generic (*.xyz, *.abc, *.good, *.magic,
# Read.txt) and will likely match benign files when path = /.
# NOTE(review): three entries appear twice: DecryptAllFiles.txt,
# HELP_TO_SAVE_FILES.txt and recoveryfile[*].txt. This is harmless if the
# parser accumulates patterns, but confirm it does not reject duplicates.
[cryptolocker]
enabled = no
path = /
notify = yes
# Encrypted-file extensions.
pattern = *.ecc
pattern = *.ezz
pattern = *.exx
pattern = *.zzz
pattern = *.xyz
pattern = *.aaa
pattern = *.abc
pattern = *.ccc
pattern = *.vvv
pattern = *.xxx
pattern = *.ttt
pattern = *.micro
pattern = *.encrypted
pattern = *.locked
pattern = *.crypto
pattern = *_crypt
pattern = *.crinf
pattern = *.r5a
pattern = *.XRNT
pattern = *.XTBL
pattern = *.crypt
pattern = *.R16M01D05
pattern = *.pzdc
pattern = *.good
pattern = *.LOL!
pattern = *.OMG!
pattern = *.RDM
pattern = *.RRK
pattern = *.encryptedRSA
pattern = *.crjoker
pattern = *.EnCiPhErEd
pattern = *.LeChiffre
pattern = *.keybtc@inbox_com
pattern = *.0x0
pattern = *.bleep
pattern = *.1999
pattern = *.vault
pattern = *.HA3
pattern = *.toxcrypt
pattern = *.magic
pattern = *.SUPERCRYPT
pattern = *.CTBL
pattern = *.CTB2
pattern = *.locky
# Ransom-note file names. The same name appears in more than one letter case
# below, which suggests matching may be case-sensitive (TODO confirm).
pattern = HELPDECRYPT.TXT
pattern = HELP_YOUR_FILES.TXT
pattern = HELP_TO_DECRYPT_YOUR_FILES.txt
pattern = RECOVERY_KEY.txt
pattern = HELP_RESTORE_FILES.txt
pattern = HELP_RECOVER_FILES.txt
pattern = HELP_TO_SAVE_FILES.txt
pattern = DecryptAllFiles.txt
pattern = DECRYPT_INSTRUCTIONS.TXT
pattern = INSTRUCCIONES_DESCIFRADO.TXT
pattern = How_To_Recover_Files.txt
pattern = YOUR_FILES.HTML
pattern = YOUR_FILES.url
pattern = encryptor_raas_readme_liesmich.txt
pattern = Help_Decrypt.txt
pattern = DECRYPT_INSTRUCTION.TXT
pattern = HOW_TO_DECRYPT_FILES.TXT
pattern = ReadDecryptFilesHere.txt
pattern = Coin.Locker.txt
pattern = _secret_code.txt
pattern = About_Files.txt
pattern = Read.txt
pattern = DECRYPT_ReadMe.TXT
pattern = DecryptAllFiles.txt
pattern = FILESAREGONE.TXT
pattern = IAMREADYTOPAY.TXT
pattern = HELLOTHERE.TXT
pattern = READTHISNOW!!!.TXT
pattern = SECRETIDHERE.KEY
pattern = IHAVEYOURSECRET.KEY
# NOTE(review): "DECYPRT" is an unusual spelling; verify it against the source
# list before changing it, since a "corrected" name would match something else.
pattern = HELPDECYPRT_YOUR_FILES.HTML
pattern = help_decrypt_your_files.html
pattern = HELP_TO_SAVE_FILES.txt
pattern = RECOVERY_FILES.txt
pattern = RECOVERY_FILE.TXT
# NOTE(review): the [*] entries below look intended as "any characters here".
# Under shell-glob semantics [*] is a bracket expression matching one literal
# asterisk, so these patterns would not match the numbered or suffixed note
# names. Confirm the matcher's syntax, and use a bare * if it is glob-style.
pattern = RECOVERY_FILE[*].txt
pattern = HowtoRESTORE_FILES.txt
pattern = HowtoRestore_FILES.txt
pattern = howto_recover_file.txt
pattern = restorefiles.txt
pattern = howrecover+[*].txt
pattern = _how_recover.txt
pattern = recoveryfile[*].txt
pattern = recoverfile[*].txt
pattern = recoveryfile[*].txt
pattern = Howto_Restore_FILES.TXT
pattern = help_recover_instructions+[*].txt
pattern = _Locky_recover_instructions.txt