Managed Sentinel – Alert 025

Alert ID: MS-A025
Alert Name: DNS Domains linked to WannaCry ransomware campaign
Description: Displays client DNS requests for any of the known domains linked to #WannaCry. These results may indicate a #Wannacry #Wannacrypt ransomware infection. Domain listing from https://pastebin.com/cRUii32E
Source: GitHub - Microsoft
Severity Level: High
Threat Indicator: Data Theft
MITRE ATT&CK Tactics: Initial Access, Execution
Log sources: DNS Logs
False Positives: Unknown
Recommendations: It is recommended to review the Firewall/Webproxy logs in relation to the ClientIP making the WannaCry requests.
Quarantine the suspected host and perform a full antimalware scan.