This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Prabulingam_N1
Advisor
‎2017-08-16 03:12 PM

2 New hits - Mamba, Diablo6 and old Cerberware

Dear All,

Hope new variants of ransomware getting floated now.

Anyone have clue of signatures to be available for block in CheckPoint?

1) Diablo6: New Variant of Locky Ransomware

2) New variant of Mamba

3) Cerberware (This is older one)

Regards, Prabulingam.N

0 Kudos
2 Replies
Ofir_Shikolski
Employee Alumnus
Employee Alumnus
‎2017-08-16 11:21 PM

Please see : Threat Intelligence News 14 August 2017 

"

The Mamba ransomware, which affected San Francisco’s Metro last year, has recently resurfaced and targeted corporations in Brazil and Saudi Arabia, according to researchers. The article includes a technical analysis of the ransomware.

Check Point Anti-Bot blade provides protection against this threat (Trojan-ransom.Win32.Mamba.*)

A new variant of the popular Locky ransomware named Diablo6 is being spread in a spam email
campaign.


Check Point IPS and Anti-Bot blades provide protection against this threat (Suspicious Mail Attachment Containing JavaScript Code; Trojan-ransom.Win32.Locky.*; Operator.Locky)

"

Check Point Forensic Files: Cerber Ransomware Distribution using Office DOTM files:

Check Point Forensic Files: Cerber Ransomware Distribution using Office DOTM files | Check Point Blo... 

0 Kudos
Prabulingam_N1
Advisor
‎2017-08-17 12:04 PM
In response to Ofir_Shikolski

Dear Ofir,

Thanks for prompt response. 

I can see signatures been updated for Locky & Cerber in Threat Prevention_Protections Tab as below:

(Trojan-Downloader.Win32.Cerber.* Trojan-Ransom.Win32.Cerber.* Trojan-Ransom.Win32.Locky.*  

 Trojan-Downloader.Win32.Locky.*)

But unable to see any signature search for Mamba in Threat Prevention_Protections Tab 

(Threat Wiki shows Trojan-ransom.Win32.Mamba.*)

Please help us out in above.

Regards, Prabulingam.N

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top