Rule Category


Alert Message

MALWARE-OTHER Win.Ransomware.Annabelle file download

Rule Explanation

This event is generated when a ransomware targeting to overwrite or destroy the computer's master boot record, has been detected Impact: A Network Trojan was detected Details: This rule is intended to provide coverage to the download of a ransomware that overwrites the master boot record of a computer in order to request a ransom payment for the unlock of the computer, otherwise the user files will be destroyed or remain encrypted Ease of Attack: Easy

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives


Cisco Talos Intelligence Group

Rule Groups

No rule groups



Additional Links

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.