Rule Category

MALWARE-OTHER --

Alert Message

MALWARE-OTHER Win.Worm.Shamoon propagation via SMB2 transfer attempt

Rule Explanation

This event is generated when a host infected with Shamoon malware attempts to propagate to another host via SMB. Impact: A host is likely infected with Shamoon malware. Details: Shamoon is known for malware such as Disttrack which steals files and documents before destroying the hard drive of the infected host. Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

Additional Links

Rule Vulnerability

CVE Additional Information