Ransomware Hunter natively integrates with ArcSight and leverages statistical profiling and behavioral analysis methods, OSINT feeds (including Ransomware Tracker by and the Detect Tor feed) and strictly defined correlation rules. This enables organizations to spot and stop ransomware as early as possible. Because adversaries continuously bypass traditional defenses in both wide-spectrum and targeted (APT) attacks, accurate and timely detection followed by incident response can prevent or sharply limit the damage ransomware causes. Ransomware Hunter provides detection and automatic alerting at the Reconnaissance, Delivery, Exploitation, Installation, Command and Control (C2) and Action on Objectives phases, covering the full threat life-cycle according to the Cyber Kill Chain methodology.

Minimum Requirements

SIEM Requirements:

   - HPE ArcSight ESM 6.9 or higher;

It also requires properly configured categorization for log sources.

Installing the Data Quality Framework package is recommended to control categorization. Additional: any Linux server or workstation with access to the SIEM and to the feed web sites (HTTPS, port 443) for the feed-update script.



Ransomware Hunter 2.1
913.0 KB
Oct 2, 2017
Product compatibility
   - Version 7.4 · 7.3 · 7.2 · 7.0
   - Version 6.9.1 · 6.11.0
   - ESM Express: Version 6.9.1
Release notes

Version 2.1:

  •   Disabled historical rules by default and removed the rule folder scheduled job
  •   False-positive reduction. All rules now trigger only on connections to ransomware sites that have status “Online” in

Version 2.0:

  •   Added Windows file audit monitoring
  •   Increased Active List capacity
  •   Updated documentation, added resource description

Version 1.5:

  •   False-positive reduction
  •   Added Kill Chain categorization to events
  •   Added SOC channel
  •   Added historical correlation for better accuracy and false-positive reduction
  •   Granular prioritization of correlated events
  •   Added detection of Tor Network communication
  •   Updated script; fixed minor bugs

Version 1.0:

  •   Initial version.
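The feed-driven correlation that the product description and the Version 2.1 notes describe (match outbound connections against OSINT ransomware indicators, keep only indicators whose feed status is online, flag Tor exit-node traffic, tag hits with a Kill Chain phase and priority) can be illustrated stand-alone. The block below is an added example written for this page; it is not Ransomware Hunter's own script or ArcSight rule content. It assumes a Ransomware Tracker-style CSV column layout, a constructed Tor exit list, constructed key=value proxy events, and an assumed mapping from feed threat type to Kill Chain phase and priority.

```python
import csv
import io
from dataclasses import dataclass

# --- Constructed sample inputs (not real feed data) ------------------------
# Column layout is an assumption modelled on a Ransomware Tracker-style CSV;
# the real feed format is not shown on the page.
FEED_CSV = """\
"2017-09-30 10:11:12","C2","Locky","evil-c2.example","http://evil-c2.example/gate.php","online","","198.51.100.23","64496","XX"
"2017-09-28 08:00:00","Payment Site","Cerber","pay.example","http://pay.example/","offline","","203.0.113.7","64497","XX"
"2017-09-29 15:30:00","Distribution Site","Locky","dl.example","http://dl.example/x.js","online","","198.51.100.45|198.51.100.46","64496","XX"
"""
FEED_COLUMNS = ["firstseen", "threat", "malware", "host", "url", "status",
                "registrar", "ips", "asns", "countries"]

TOR_EXIT_NODES = {"192.0.2.10", "192.0.2.11"}  # constructed Tor exit list

# Assumed mapping from feed threat type to Cyber Kill Chain phase.
THREAT_TO_PHASE = {
    "Distribution Site": "Delivery",
    "C2": "Command and Control",
    "Payment Site": "Action on Objectives",
}
# Assumed priority per phase: later phases score higher, Tor alone is low.
PHASE_PRIORITY = {"Delivery": 5, "Installation": 6, "Command and Control": 8,
                  "Action on Objectives": 9, "Tor": 3}

# Constructed proxy events in a simple key=value format (assumption).
SAMPLE_LOGS = [
    "2017-10-02T09:00:01Z src=10.0.0.5 dst=198.51.100.23 host=evil-c2.example url=http://evil-c2.example/gate.php",
    "2017-10-02T09:00:05Z src=10.0.0.7 dst=203.0.113.7 host=pay.example url=http://pay.example/",
    "2017-10-02T09:01:10Z src=10.0.0.9 dst=192.0.2.10 host=- url=-",
    "2017-10-02T09:02:00Z src=10.0.0.5 dst=198.51.100.46 host=cdn.example url=http://cdn.example/x.js",
    "2017-10-02T09:03:00Z src=10.0.0.12 dst=93.184.216.34 host=www.example.com url=http://www.example.com/",
]


@dataclass
class Alert:
    src: str
    indicator: str
    phase: str
    priority: int
    malware: str = ""


def load_feed(csv_text, only_online=True):
    """Index feed rows by host and by IP. With only_online=True, rows whose
    status is not 'online' are dropped, which is the false-positive reduction
    the Version 2.1 notes describe (stale, sinkholed or dead sites no longer
    fire alerts)."""
    by_host, by_ip = {}, {}
    for row in csv.reader(io.StringIO(csv_text)):
        if not row or row[0].startswith("#"):
            continue
        entry = dict(zip(FEED_COLUMNS, row))
        if only_online and entry["status"].lower() != "online":
            continue
        by_host[entry["host"].lower()] = entry
        for ip in entry["ips"].split("|"):  # a host may resolve to several IPs
            if ip:
                by_ip[ip] = entry
    return by_host, by_ip


def parse_log_line(line):
    """Parse one constructed key=value event line into a dict."""
    fields = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def correlate(log_lines, by_host, by_ip, tor_exits):
    """Match each outbound connection against online ransomware indicators
    (by hostname first, then by destination IP) and against Tor exit nodes,
    tagging each hit with its Kill Chain phase and a priority."""
    alerts = []
    for line in log_lines:
        ev = parse_log_line(line)
        src = ev.get("src", "?")
        dst = ev.get("dst", "")
        host = ev.get("host", "").lower()
        entry = by_host.get(host) or by_ip.get(dst)
        if entry:
            phase = THREAT_TO_PHASE.get(entry["threat"], "Unknown")
            alerts.append(Alert(src, entry["host"], phase,
                                PHASE_PRIORITY.get(phase, 1), entry["malware"]))
        elif dst in tor_exits:
            alerts.append(Alert(src, dst, "Tor", PHASE_PRIORITY["Tor"]))
    return alerts


def run_sample(only_online=True):
    """Run the constructed events through the correlation, highest priority first."""
    by_host, by_ip = load_feed(FEED_CSV, only_online)
    alerts = correlate(SAMPLE_LOGS, by_host, by_ip, TOR_EXIT_NODES)
    return sorted(alerts, key=lambda a: -a.priority)


if __name__ == "__main__":
    for a in run_sample():
        print(f"[P{a.priority}] {a.phase:<22} src={a.src} indicator={a.indicator} {a.malware}")
```

With the online-only filter on, the connection to pay.example (offline in the feed) produces no alert, while the C2 connection, the IP-only match on dl.example's second address and the Tor exit-node connection do; calling `run_sample(only_online=False)` shows the extra alert the filter suppresses.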



release-rel-2021-1-1-3600 | Wed Jan 6 00:44:15 PST 2021