Sophos Endpoint

Discussions Glupteba malware

Sophos Endpoint requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 3 replies
Subscribers 8 subscribers
Views 507 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Glupteba malware

Seth Geftic over 4 years ago

In case you missed it on the announcement page we posted a new Live Query script to detect Glupteba malware:

https://community.sophos.com/products/intercept/early-access-program/b/blog/posts/detecting-glupteba-malware-with-sophos-edr

This thread was automatically locked due to age.

0 Seth Geftic over 4 years ago

We will continue to quickly create Live Query scripts whenever we see new threat intel to ensure that you have a way to respond to potential threats. We encourage members of the Community to do the same as well.
Cancel
Vote Up 0 Vote Down

Cancel
0 Seth Geftic over 4 years ago in reply to Seth Geftic

If you are having memory usage problems when querying we suggest you change line 50 (https://gist.github.com/andrewmundellsophos/ed42d0d6d3dc4c9e8dae0b4de301ad38#file-gulpteba-sql-L50) ... change ‘-1 days’ to something like ‘-12 hours’ and try again.
Cancel
Vote Up 0 Vote Down

Cancel
0 Seth Geftic over 4 years ago in reply to Seth Geftic

From one of our Community members:

Thanks for the tip. To work in my environment I had to reduce it further to 5 hours. This still didnt work until I also reduced the 90 days on the DNS & SHA check to 50 days as well. A very useful query, thanks for posting it.
Cancel
Vote Up 0 Vote Down

Cancel