Page 1 of 1
[RESOLVED] Emocheck packet to verify the presence of EMOTET
Published: September 8, 2020 - 12:27 PM
by wapt42
Hello everyone.
Following the announcement made by CERT-FR
(https://www.cert.ssi.gouv.fr/alerte/CER ... 0-ALE-019/)
, EMOTET is back!
The resources in this post provide tools such as EmoCheck (
https://github.com/JPCERTCC/EmoCheck
Is it possible to prepare an official package at WAPT so that sysadmins/technicians can deploy it on their systems?
Thank you in advance
. Best regards.
Re: Emocheck package to verify the presence of EMOTET
Published: September 18, 2020 - 11:05 AM
by jpele
Good morning,
The package has been successfully prepared and is available here:
https://store.wapt.fr/store/tis-emocheck
As a bonus, here is the reporting command:
Code: Select all
SELECT computer_name, last_audit_status, package, last_audit_output FROM hosts h
LEFT JOIN hostpackagesstatus hps
ON h.uuid = hps.host_id
WHERE package LIKE 'tis-emocheck'
Sincerely,
Jimmy
Re: [RESOLVED] Emocheck packet to verify the presence of EMOTET
Published: October 5, 2020 - 3:11 PM
by wapt42
Hi Kevin.
Your reaction was faster than my reply.
Thank you very much for creating this package
. Cheers!
Re: Emocheck package to verify the presence of EMOTET
Published: March 3, 2022 - 4:46 PM
by jacky35
This reporting command is the absolute holy grail,
You should add it to your WAPT documentation.
Jacky
jpele wrote: ↑September 18, 2020 - 11:05
Good morning,
The package has been successfully prepared and is available here:
https://store.wapt.fr/store/tis-emocheck
As a bonus, here is the reporting command:
Code: Select all
SELECT computer_name, last_audit_status, package, last_audit_output FROM hosts h
LEFT JOIN hostpackagesstatus hps
ON h.uuid = hps.host_id
WHERE package LIKE 'tis-emocheck'
Sincerely,
Jimmy