Techniques
Sample rules
Wannacry Killswitch Domain
- source: sigma
- technicques:
- t1071
- t1071.001
Description
Detects wannacry killswitch domain dns queries
Detection logic
condition: selection
selection:
query:
- ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.testing
- ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.test
- ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com
- ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf.com
- iuqssfsodp9ifjaposdfjhgosurijfaewrwergwea.com