Mitre ATT&CK view added to SandBlast Agent Forensic reports available in upcoming E81.40
One of the many new features that will be available in E81.40 is an updated SandBlast Agent Forensic report.
For this, we have to thank our wonderful R&D Team at HQ for making this happen!
The new Forensic report contains:
- Mitre ATT&CK screen: Showing links back to the Framework
- RDP Focus: Use the Ryuk RDP Report (Overview and General Screen provide RDP Details)
- Injections: Use the Ryuk RDP Report (Shown in both Mitre Screen and Tree Views)
- Privilege Escalation: Use Cerber or Sodinokibi (Shown in both Mitre Screen and Tree Views)
- Current Ransomware affecting US Municipalities: Ryuk, Sodinokibi and Robinhood
Some of these samples have been put online, which you can take a look at:
| Report | Use Case | Link |
| --- | --- | --- |
| Ryuk RDP | RDP/Injections | |
| Sodinokibi | Ransomware Current | |
| Robinhood | Ransomware Current | |
| Astaroth | Fileless Current | |
| Bad Rabbit | Blog / Well Known Ransomware | |
| Cerber | Blog / Well Known Ransomware | |
| Pokemongo | Blog | |
| CTB-Faker | Blog | |
| Wannacry | Blog / Well Known Ransomware | |
| Ranscam | Blog / Well Known Ransomware | |
