conducting-malware-incident-response

Installation
SKILL.md

Conducting Malware Incident Response

When to Use

  • EDR or antivirus detects malware execution on one or more endpoints
  • A user reports suspicious system behavior indicative of malware infection
  • Threat intelligence indicates a malware campaign targeting the organization's industry
  • Network monitoring detects beaconing traffic consistent with known malware C2 patterns
  • A file detonation in a sandbox returns a malicious verdict

Do not use for analyzing malware samples in a research context; use dedicated malware analysis procedures for reverse engineering.

Prerequisites

Installs
93
GitHub Stars
24.8K
First Seen
Mar 16, 2026
conducting-malware-incident-response — mukul975/anthropic-cybersecurity-skills