Antivirus Ransomware Detection
Detects a highly relevant Antivirus alert that reports ransomware
Sigma rule (View on GitHub)
1title: Antivirus Ransomware Detection
2id: 4c6ca276-d4d0-4a8c-9e4c-d69832f8671f
3status: test
4description: Detects a highly relevant Antivirus alert that reports ransomware
5references:
6 - https://www.nextron-systems.com/?s=antivirus
7 - https://www.virustotal.com/gui/file/43b0f7872900bd234975a0877744554f4f355dc57505517abd1ef611e1ce6916
8 - https://www.virustotal.com/gui/file/c312c05ddbd227cbb08958876df2b69d0f7c1b09e5689eb9d93c5b357f63eff7
9 - https://www.virustotal.com/gui/file/20179093c59bca3acc6ce9a4281e8462f577ffd29fd7bf51cf2a70d106062045
10 - https://www.virustotal.com/gui/file/554db97ea82f17eba516e6a6fdb9dc04b1d25580a1eb8cb755eeb260ad0bd61d
11 - https://www.virustotal.com/gui/file/69fe77dd558e281621418980040e2af89a2547d377d0f2875502005ce22bc95c
12author: Florian Roth (Nextron Systems), Arnim Rupp
13date: 2022/05/12
14modified: 2023/02/03
15tags:
16 - attack.t1486
17logsource:
18 category: antivirus
19detection:
20 selection:
21 Signature|contains:
22 - 'Ransom'
23 - 'Cryptor'
24 - 'Crypter'
25 - 'CRYPTES'
26 - 'GandCrab'
27 - 'BlackWorm'
28 - 'Phobos'
29 - 'Destructor'
30 - 'Filecoder'
31 - 'GrandCrab'
32 - 'Krypt'
33 - 'Locker'
34 - 'Ryuk'
35 - 'Ryzerlo'
36 - 'Tescrypt'
37 - 'TeslaCrypt'
38 condition: selection
39falsepositives:
40 - Unlikely
41level: critical
References
-
by Florian Roth | Jan 20, 2023 We've updated our Antivirus Event Analysis Cheat Sheet to version 1.12.0. It includes updates in several sections New signatures for PUA like FRP and Adfind Signature...
Read More -
-
-
-
-