Tom_Kendrick
Employee

Mitre ATT&CK view added to SandBlast Agent Forensic reports available in upcoming E81.40

One of the many new features that will be available in E81.40 is an updated SandBlast Agent Forensic report.

For this, we have to thank our wonderful R&D Team at HQ for making this happen!

The new Forensic report contains:

  1. Mitre ATT&CK screen: shows links back to the Framework
  2. RDP focus: use the Ryuk RDP report (the Overview and General screens provide the RDP details)
  3. Injections: use the Ryuk RDP report (shown in both the Mitre screen and the Tree views)
  4. Privilege escalation: use Cerber or Sodinokibi (shown in both the Mitre screen and the Tree views)
  5. Current ransomware affecting US municipalities: Ryuk, Sodinokibi and Robinhood
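To make concrete what an ATT&CK view with "links back to the Framework" involves, here is an added illustration in Python. It is not Check Point code and does not use the Forensic report's real schema: the event categories (`rdp_logon`, `process_injection`, `privilege_escalation`, `file_encryption`), the sample process names and the `build_attack_view`/`render_attack_view` functions are assumptions of this example. The technique IDs, names, tactics and the attack.mitre.org URL scheme are genuine ATT&CK entries. Events that have no mapping are kept in an "unmapped" bucket rather than dropped, so a reviewer can see what the view does not cover.

```python
from collections import defaultdict

# Base URL of the public ATT&CK technique pages (real URL scheme).
ATTACK_BASE = "https://attack.mitre.org/techniques/"

# Event categories on the left are assumptions of this example, not the
# schema of the real Forensic report. Technique IDs, names and tactics
# on the right are genuine ATT&CK entries.
TECHNIQUE_MAP = {
    "rdp_logon":            ("T1021.001", "Remote Desktop Protocol", "Lateral Movement"),
    "process_injection":    ("T1055",     "Process Injection", "Defense Evasion"),
    "privilege_escalation": ("T1068",     "Exploitation for Privilege Escalation", "Privilege Escalation"),
    "file_encryption":      ("T1486",     "Data Encrypted for Impact", "Impact"),
}


def technique_url(technique_id):
    """Return the framework page for a technique or sub-technique.

    ATT&CK publishes sub-technique T1021.001 at .../techniques/T1021/001/,
    so the dot in the ID becomes a path separator.
    """
    return ATTACK_BASE + technique_id.replace(".", "/") + "/"


def build_attack_view(events):
    """Group forensic events by ATT&CK tactic and technique.

    Returns (view, unmapped). `view` is {tactic: {technique_id: {...}}};
    `unmapped` lists events whose category has no ATT&CK mapping, so that
    nothing silently disappears from the report.
    """
    view = defaultdict(dict)
    unmapped = []
    for event in events:
        mapping = TECHNIQUE_MAP.get(event["category"])
        if mapping is None:
            unmapped.append(event)
            continue
        technique_id, name, tactic = mapping
        entry = view[tactic].setdefault(technique_id, {
            "name": name,
            "url": technique_url(technique_id),
            "processes": [],
        })
        entry["processes"].append(event["process"])
    return dict(view), unmapped


def render_attack_view(view, unmapped):
    """Render the view as text: one block per tactic, each technique linking to the framework."""
    lines = []
    for tactic in sorted(view):
        lines.append(f"[{tactic}]")
        for technique_id, entry in sorted(view[tactic].items()):
            procs = ", ".join(entry["processes"])
            lines.append(f"  {technique_id} {entry['name']} <{entry['url']}>  processes: {procs}")
    if unmapped:
        lines.append("[Unmapped events]")
        for event in unmapped:
            lines.append(f"  {event['category']} from {event['process']}")
    return "\n".join(lines)


# Constructed sample: an RDP-borne ransomware intrusion similar in shape to the
# Ryuk RDP report (event categories and process names are made up for this example).
SAMPLE_EVENTS = [
    {"process": "svchost.exe (TermService)", "category": "rdp_logon"},
    {"process": "powershell.exe", "category": "process_injection"},
    {"process": "svchost.exe", "category": "privilege_escalation"},
    {"process": "ryuk_sample.exe", "category": "file_encryption"},
    {"process": "ryuk_sample.exe", "category": "file_encryption"},
    {"process": "cmd.exe", "category": "scheduled_task"},  # deliberately has no mapping
]

if __name__ == "__main__":
    view, unmapped = build_attack_view(SAMPLE_EVENTS)
    print(render_attack_view(view, unmapped))
```

Running the block prints one block per tactic (Defense Evasion, Impact, Lateral Movement, Privilege Escalation), each technique with its framework URL and the processes that triggered it, followed by the single unmapped `scheduled_task` event.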

[Image: MITRE.png]

Some of these samples have been put online, which you can take a look at:

| Report | Use Case | Link |
|---|---|---|
| Ryuk RDP | RDP/Injections | https://forensics.checkpoint.com/ryuk_rdp/ |
| Sodinokibi | Ransomware Current | https://forensics.checkpoint.com/sodinokibi/ |
| Robinhood | Ransomware Current | https://forensics.checkpoint.com/robinhood/ |
| Astaroth | Fileless Current | https://forensics.checkpoint.com/astaroth/ |
| Bad Rabbit | Blog / Well Known Ransomware | https://forensics.checkpoint.com/badrabbit/ |
| Cerber | Blog / Well Known Ransomware | https://forensics.checkpoint.com/badrabbit/ |
| Pokemongo | Blog | https://forensics.checkpoint.com/pokemongo/ |
| CTB-Faker | Blog | https://forensics.checkpoint.com/ctb-faker/ |
| Wannacry | Blog / Well Known Ransomware | https://forensics.checkpoint.com/wannacryptor2_1/ |
| Ranscam | Blog / Well Known Ransomware | https://forensics.checkpoint.com/ranscam/ |


0 Replies
