Managed Sentinel – Alert 025
| Alert ID | MS-A025 |
| Alert Name | DNS Domains linked to WannaCry ransomware campaign |
| Description | Displays client DNS requests for any of the known domains linked to #WannaCry. These results may indicate #Wannacry #Wannacrypt ransomware infection. Domain listing from https://pastebin.com/cRUii32E. Source: GitHub - Microsoft |
| Severity Level | High |
| Threat Indicator | Data Theft |
| MITRE ATT&CK Tactics | Initial Access, Execution |
| Log sources | DNS Logs |
| False Positives | Unknown |
| Recommendations | Review the firewall/web proxy logs for the ClientIP making the WannaCry requests. Quarantine the suspected host and perform a full antimalware scan. |
