cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Dwee
Level 11
Report Inappropriate Content
Message 1 of 1
‎09-20-2021 11:39 PM

can't find torpig.mebroot.botnet

Hi expert,

we have intrusion warning from forti team that theres 1 system that has torpig.mebroot.botnet and already being dropped by fortiguard, in their detail logs it seems the torpig activated between 5 pm and 7 pm, 

my question, why does it keep repeating itself, and can't our ENSTP and ATP handle this? we've tried to check our EDR (filter protocol, destination ip) but we can't find the artifact / trace of the torpig on the target system, and we also don't find any traces of files for us to submit to mcafee

Torpig.zip
0 Kudos
Reply

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2022 Musarubra US LLC