SandBlast Threat Extraction and CADET delivered on the Check Point zero-day prevention promise by blocking yet another completely new attack vector.
On June 11th, a researcher from SpecterOps discovered a new infection vector using the SettingContent-ms file type. The attack was rapidly updated and was used in a FlawedAmmyy RAT massive malspam campaign that embedded the SettingContent-ms file into a PDF file. It bypassed previously introduced Windows 10 defenses, including Attack Surface Reduction (ASR) and detection of OLE-embedded dangerous file formats.
SandBlast Threat Extraction effectively cleaned the file by removing the JavaScript and embedded malicious file, rendering the file harmless. Additional network protection was achieved by CADET (Context-Aware Detection and Elimination of Threats), our AI-based technology, effectively preventing the RAT loader and malicious payload. CADET and Threat Extraction blocked the “Patient Zero” infection without the need for an update or a signature.
My recording of malicious file behavior vs. the cleaned file. Kudos to Netanel Ben Simon for staging the attack:
Another Great Threat Extraction win.
Gadi
---------------
26.9.18 (GN) Edited to better explain the screenshot
4.10.18 (GN) Changed the screen capture to a video showing the malicious behavior vs. a cleaned file behavior
8.10.18 (GN) Updated the recording with narration
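As an added illustration, not part of the original post or of Check Point's product, here is a small Python triage routine that flags the two indicators the post describes in the PDF lure: an embedded attachment named *.SettingContent-ms and PDF JavaScript able to launch it. It runs against a constructed malicious skeleton and a constructed "cleaned" counterpart; the sample bytes, the extension list and the verdict labels are assumptions made for the example.

```python
import re
from dataclasses import dataclass, field

RISKY_EXTENSIONS = {".settingcontent-ms"}  # the post names only this type; extend as needed

# Constructed sample (not real malware): a skeletal PDF whose object layout
# mirrors the lure in the post, an OpenAction running JavaScript plus an
# embedded attachment named *.SettingContent-ms. Not a loadable document.
MALICIOUS_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /OpenAction 4 0 R
  /Names << /EmbeddedFiles << /Names [(invoice) 5 0 R] >> >> >> endobj
4 0 obj << /S /JavaScript /JS (/* constructed placeholder */) >> endobj
5 0 obj << /Type /Filespec /F (invoice.SettingContent-ms) /EF << /F 6 0 R >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed sample of the same skeleton with script and attachment stripped.
CLEAN_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

@dataclass
class PdfFindings:
    has_javascript: bool = False
    embedded_files: list = field(default_factory=list)

    @property
    def risky_embedded(self) -> list:
        return [n for n in self.embedded_files
                if any(n.lower().endswith(e) for e in RISKY_EXTENSIONS)]
    @property
    def verdict(self) -> str:
        if self.risky_embedded and self.has_javascript:
            return "block"  # launchable attachment plus a script to open it
        return "suspicious" if (self.risky_embedded or self.has_javascript) else "clean"

def inspect_pdf(data: bytes) -> PdfFindings:
    """Triage uncompressed PDF bytes. Caveat: names may be hex-encoded or sit
    inside compressed object streams; a real scanner must decode those first."""
    f = PdfFindings()
    f.has_javascript = re.search(rb"/S\s*/JavaScript\b|/JS\s*[(<\[]", data) is not None
    # Attachment names live in /Filespec dictionaries as /F or /UF strings.
    for m in re.finditer(rb"/Type\s*/Filespec.*?/U?F\s*\(([^)]*)\)", data, re.S):
        name = m.group(1).decode("latin-1")
        if name not in f.embedded_files:
            f.embedded_files.append(name)
    return f
```

Running `inspect_pdf` on the two samples gives "block" for the lure and "clean" for the stripped copy, which is the before/after contrast the recording in the post illustrates.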
What's up with the file open dialog? I thought the file was cleaned so why the question?
The screen shot is taken from the emulation report of the original exploit.
I'll add a screen shot of the cleaned file.
Thanks