Deadbolt Ransomware Detection

By kannthu

Informative
Vidoc Module
#ransomware #deadbolt
Description

What is the "Deadbolt Ransomware Detection"?

The "Deadbolt Ransomware Detection" module is designed to detect the presence of the Deadbolt ransomware on a target system. Ransomware is a type of malicious software that encrypts files on a victim's computer and demands a ransom for their release. Deadbolt is a specific variant of ransomware that has been identified as a threat.

This module is categorized as having an "informative" severity level, which means it provides information about potential vulnerabilities or risks without actively exploiting or causing harm to the target system.

The original author of this module is pdteam.

Impact

If the Deadbolt ransomware is detected on a system, it indicates that the system has been compromised and files have been encrypted. This can lead to significant data loss and potentially disrupt normal operations. It is important to take immediate action to mitigate the impact of the ransomware and prevent further damage.

How does the module work?

The "Deadbolt Ransomware Detection" module works by analyzing the content of HTTP responses from the target system. It searches for a specific string in the response body that indicates the presence of the Deadbolt ransomware. The matching condition used in this module is a word matcher that looks for the phrase "<title>ALL YOUR FILES HAVE BEEN LOCKED BY DEADBOLT.</title>".

When the module is executed, it sends an HTTP request to the target system and examines the response for the presence of the specified string. If the string is found, the module reports a vulnerability, indicating that the Deadbolt ransomware has been detected.

It is important to note that this module does not actively remove or mitigate the ransomware. Its purpose is solely to identify the presence of the Deadbolt ransomware on a target system.
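The matching logic described above, as an added example (not the module's own code): the literal word match is run over constructed response bodies, next to a stricter parsed-title check that goes beyond what the module does and shows where a raw substring match can misfire. The function names, the helper class and the sample bodies are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Marker string quoted in the module description above.
MARKER = "<title>ALL YOUR FILES HAVE BEEN LOCKED BY DEADBOLT.</title>"
TITLE_TEXT = MARKER[len("<title>"):-len("</title>")]

def word_match(body: bytes) -> bool:
    """Literal, case-sensitive substring match on the raw body (the module's matcher)."""
    return MARKER in body.decode("utf-8", errors="replace")

class TitleParser(HTMLParser):
    """Collects the text of the first parsed <title> element (hypothetical helper)."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_title, self.title = False, None

    def handle_starttag(self, tag, attrs):
        if tag == "title" and self.title is None:
            self.in_title, self.title = True, ""

    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False

    def handle_data(self, data):
        if self.in_title:
            self.title += data

def title_match(body: bytes) -> bool:
    """Stricter added check: the parsed page title must equal the marker text."""
    parser = TitleParser()
    parser.feed(body.decode("utf-8", errors="replace"))
    parser.close()
    return (parser.title or "").strip() == TITLE_TEXT

# Constructed sample bodies, not captured from real hosts.
SAMPLES = {
    "ransom_page": b"<html><head>" + MARKER.encode() + b"</head><body></body></html>",
    "normal_login": b"<html><head><title>Device Login</title></head></html>",
    # A write-up quoting the marker HTML-escaped: no literal <title> tag in the body.
    "advisory_escaped": b"<title>Advisory</title><code>&lt;title&gt;" + TITLE_TEXT.encode() + b"&lt;/title&gt;</code>",
    # Marker inside an HTML comment: the raw word match fires, the parsed title does not.
    "marker_in_comment": b"<title>Notes</title><!-- " + MARKER.encode() + b" -->",
}

def triage(samples):
    """Return {name: (word_match, title_match)} for each sample body."""
    return {name: (word_match(b), title_match(b)) for name, b in samples.items()}

if __name__ == "__main__":
    for name, result in triage(SAMPLES).items():
        print(f"{name:20} word={result[0]} title={result[1]}")
```

A hit from the word match alone is worth confirming against the parsed title before treating the host as compromised.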

Module preview

Concurrent Requests (0)
Passive global matcher
word: <title>ALL YOUR FILES HAVE BEEN LOCKED B...
On match action
Report vulnerability