title: Antivirus Ransomware Detection
id: 4c6ca276-d4d0-4a8c-9e4c-d69832f8671f
status: experimental
description: Detects a highly relevant Antivirus alert that reports ransomware
author: Florian Roth
references:
  - https://www.nextron-systems.com/?s=antivirus
date: 2022/05/12
logsource:
  category: antivirus
detection:
  selection:
    Signature|contains:
      - 'Ransom'
      - 'Filecoder'
  condition: selection
falsepositives:
  - Unlikely
level: critical
tags:
  - attack.t1486