UnixTime

Research Note

Malware Infection Response Record

Use this record when malware is suspected or confirmed and the organization needs evidence of detection, containment, cleaning/rebuild, verification, and lessons learned.

On this page

When to use this

Use this record when malware is suspected or confirmed and the organization needs evidence of detection, containment, cleaning/rebuild, verification, and lessons learned.

Incident record

Field Value
Record ID TBD
Date/time detected TBD
Asset/user affected TBD
Detection source TBD
Malware/symptom TBD
Initial impact TBD
Containment action TBD
Cleaning or rebuild action TBD
Verification performed TBD
Data/access impact reviewed? Yes/No
Closed by TBD
Lessons learned / corrective action TBD

Minimum checks

  • Detection was recorded.
  • Asset was contained where needed.
  • Cleaning or rebuild was completed.
  • Recovery was verified.
  • Related credentials or access were reviewed where needed.
  • Lessons learned or corrective action was recorded.