Hi All,

we checked for the Emotet campaign on the microsoft site :

http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fEmotet#tab=2

In this campaign, there are Microsoft IPs listed as well that may affect the environment.

please let us know on what basis are microsoft IPs listed there. Is there any threat from those IP and should they be blocked at proxy level or was the filteration of IPs not proper.

I don't think there is any Microsoft IP there and most of these IPs should have been blocked.

However, if you monitored any of these IPs , you should block them or black list them.

In you have SCEP, Forefront or any other Microsoft Anti-Malware products, it will detect and remove it and you should make sure all endpoints are update and real-time protection is on.