Active Malware Remediation: Trickbot & Emotet

Jay from Sophos Support goes over the steps to handle an Emotet or TrickBot infection in your environment.

Skip ahead to these sections:

0:00 Overview
1:40 Prerequisites
6:15 Remediation
8:51 Additional Information

Resources

Sophos MTR Rapid Response
https://www.sophos.com/en-us/products/managed-threat-response/rapid-response.aspx

Sophos Source of Infection (SOI) Tool: How to Download and Use
https://support.sophos.com/support/s/article/KB-000033931?language=en_US

How To: Running the Source of Infection (SOI) Tool on a Remote Computer
https://support.sophos.com/support/s/article/KB-000034560?language=en_US

Sophos Central Endpoint: Recommended Threat Protection Policy Settings
https://docs.sophos.com/central/Customer/help/en-us/central/Customer/concepts/ConfigureMalwareProtection.html

Sophos Central Server: Recommended Threat Protection Policy Settings
https://support.sophos.com/support/s/article/KB-000038565?language=en_US

Sophos Central Admin Guide: Early Access Programs
https://docs.sophos.com/central/Customer/help/en-us/central/Customer/concepts/EarlyAccessPrograms.html

How to Verify that MS17-010 is Installed
https://support.microsoft.com/en-us/help/4023262/how-to-verify-that-ms17-010-is-installed

How to Verify if a Machine is Vulnerable to EternalBlue - MS17-010
https://support.sophos.com/support/s/article/KB-000038107?language=en_US

Sophos Labs Sample Submission
https://support.sophos.com/support/s/filesubmission?language=en_US
