File With Samsam Extension

Description

The search looks for file writes with extensions consistent with a SamSam ransomware attack.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Security Monitoring

Category

Malware,

Alert Volume

The search looks for file writes with extensions consistent with a SamSam ransomware attack.

SPL Difficulty

None

Journey

Stage 3

Kill Chain Phases

Installation

Data Sources

Endpoint Detection and Response

   Help

File With Samsam Extension Help

You must be ingesting data that records file-system activity from your hosts to populate the Endpoint file-system data-model node. If you are using Sysmon, you will need a Splunk Universal Forwarder on each endpoint from which you want to collect data.

   Search

Open in Search