Active Malware Remediation: Trickbot & Emotet
Jay from Sophos Support goes over the steps to handle an Emotet or TrickBot infection in your environment.
Skip ahead to these sections:
0:00 Overview
1:40 Prerequisites
6:15 Remediation
8:51 Additional Information
Resources
Sophos MTR Rapid Response
https://www.sophos.com/en-us/products/managed-threat-response/rapid-response.aspx
Sophos Source of Infection (SOI) Tool: How to Download and Use
https://support.sophos.com/support/s/article/KB-000033931?language=en_US
How To: Running the Source of Infection (SOI) Tool on a Remote Computer
https://support.sophos.com/support/s/article/KB-000034560?language=en_US
Sophos Central Endpoint: Recommended Threat Protection Policy Settings
https://docs.sophos.com/central/Customer/help/en-us/central/Customer/concepts/ConfigureMalwareProtection.html
Sophos Central Server: Recommended Threat Protection Policy Settings
https://support.sophos.com/support/s/article/KB-000038565?language=en_US
Sophos Central Admin Guide: Early Access Programs
https://docs.sophos.com/central/Customer/help/en-us/central/Customer/concepts/EarlyAccessPrograms.html
How to Verify that MS17-010 is Installed
https://support.microsoft.com/en-us/help/4023262/how-to-verify-that-ms17-010-is-installed
How to Verify if a Machine is Vulnerable to EternalBlue - MS17-010
https://support.sophos.com/support/s/article/KB-000038107?language=en_US
Sophos Labs Sample Submission
https://support.sophos.com/support/s/filesubmission?language=en_US