conducting-malware-incident-response
Installation
SKILL.md
Conducting Malware Incident Response
When to Use
- EDR or antivirus detects malware execution on one or more endpoints
- A user reports suspicious system behavior indicative of malware infection
- Threat intelligence indicates a malware campaign targeting the organization's industry
- Network monitoring detects beaconing traffic consistent with known malware C2 patterns
- A file detonation in a sandbox returns a malicious verdict
Do not use for analyzing malware samples in a research context; use dedicated malware analysis procedures for reverse engineering.