30 January 20, 10:05
(This post was last modified: 30 January 20, 10:06 by harlan4096.)
Quote:
VirusTotal MultiSandbox += BitDam ATP
VirusTotal would like to welcome BitDam to the multi-sandbox project!
In their own words:
Quote:
BitDam Advanced Threat Protection (ATP) is a cloud-based engine that proactively detects threats, pre-delivery, preventing hardware and logical exploits, ransomware, spear-phishing and zero-day attacks contained in files and URLs. BitDam’s patented attack-agnostic technology shows remarkably higher protection rates compared to engines that are based on knowledge of previous threats. It learns the normal code-level executions of business applications such as MS-Word and Acrobat Reader, creating a whitelist knowledge-base. Based on this knowledge, the detection engine determines whether a given file or weblink is malicious or not, regardless of the specific malware it may contain.
Let's take a deeper look at some interesting samples showcasing BitDam's capabilities:
XLS spreadsheet with a macro in a hidden sheet which launches PowerShell
This file contains a macro which accesses certain cells in a hidden sheet to retrieve the payload and then runs PowerShell with an obfuscated command line. The PowerShell script spawns .NET-related processes to compile the payload.
...
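The execution chain described for the XLS sample (Office application, then PowerShell with an encoded command line, then the .NET compiler) is exactly the kind of parent/child relationship an endpoint telemetry rule can catch regardless of what the macro's cell-stored payload looks like. The following is an added example, not code from the VirusTotal post or from BitDam: a Python detection sketch run over constructed Sysmon-style process-creation records. The event field names (pid, ppid, image, cmd), the PIDs, the file paths and the stand-in script text are all assumptions; the decoding of -EncodedCommand (Base64 over UTF-16LE) and the fact that Add-Type with inline source causes PowerShell to launch csc.exe and cvtres.exe are not.

```python
"""Detection sketch: Office app -> PowerShell (-EncodedCommand) -> .NET compiler chain.

Sample events are constructed to resemble Sysmon process-creation records; they are
not real telemetry. Field names, PIDs, paths and the script text are assumptions.
"""
import base64
import re
from collections import defaultdict

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Add-Type with inline source makes PowerShell run the C# compiler; csc in turn runs cvtres.
DOTNET_COMPILERS = {"csc.exe", "vbc.exe", "cvtres.exe"}

# Longest alias first: PowerShell accepts any unambiguous prefix of -EncodedCommand, down to -e.
_ENC_FLAG = re.compile(r"(?i)(?:^|\s)-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})")
_SCRIPT_INDICATORS = [
    (re.compile(r"(?i)\badd-type\b"), "add-type"),                      # inline .NET compilation
    (re.compile(r"(?i)frombase64string"), "base64-payload"),
    (re.compile(r"(?i)\b(?:iex|invoke-expression)\b"), "invoke-expression"),
    (re.compile(r"(?i)downloadstring|downloadfile"), "download"),
]
_CMDLINE_INDICATORS = [
    (re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"), "hidden-window"),
    (re.compile(r"(?i)-nop\b|-noprofile\b"), "no-profile"),
    (re.compile(r"(?i)-noni\b|-noninteractive\b"), "non-interactive"),
]


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def encode_powershell(script):
    """Encode a script the way -EncodedCommand expects: UTF-16LE text, then Base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline):
    """Return the decoded script if the command line carries an -EncodedCommand blob, else None."""
    m = _ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def indicators_for(cmdline, decoded):
    """Collect the suspicious switches on the command line and the tells inside the decoded script."""
    found = [name for rx, name in _CMDLINE_INDICATORS if rx.search(cmdline)]
    if decoded is not None:
        found += [name for rx, name in _SCRIPT_INDICATORS if rx.search(decoded)]
    return sorted(set(found))


def descendants(children, pid):
    """All processes below pid in the tree (csc.exe spawns cvtres.exe, so look past direct children)."""
    out, stack = [], list(children[pid])
    while stack:
        e = stack.pop()
        out.append(e)
        stack.extend(children[e["pid"]])
    return out


def find_office_powershell_chains(events):
    """Flag every PowerShell process whose parent is an Office app; compiler descendants raise severity."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)
    findings = []
    for e in events:
        if basename(e["image"]) not in POWERSHELL:
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or basename(parent["image"]) not in OFFICE_APPS:
            continue
        decoded = decode_encoded_command(e["cmd"])
        compilers = sorted({basename(d["image"]) for d in descendants(children, e["pid"])
                            if basename(d["image"]) in DOTNET_COMPILERS})
        findings.append({
            "office_pid": parent["pid"], "powershell_pid": e["pid"],
            "decoded": decoded, "compilers": compilers,
            "indicators": indicators_for(e["cmd"], decoded),
            # Office -> PowerShell alone deserves a look; a compiler under it is the strong signal.
            "severity": "high" if compilers else "medium",
        })
    return findings


# Constructed stand-in for the obfuscated command in the post: payload text assembled elsewhere
# (here a placeholder variable $p), then compiled in-process with Add-Type.
MALICIOUS_SCRIPT = ("$src=[Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($p));"
                    "Add-Type -TypeDefinition $src;[Dropper.Main]::Run()")

SAMPLE_EVENTS = [  # constructed, Sysmon-like; one malicious chain and one benign admin chain
    {"pid": 3000, "ppid": 900, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 4100, "ppid": 3000, "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "cmd": r'"EXCEL.EXE" "C:\Users\alice\Downloads\invoice.xls"'},
    {"pid": 4200, "ppid": 4100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -NoP -NonI -W Hidden -Enc " + encode_powershell(MALICIOUS_SCRIPT)},
    {"pid": 4300, "ppid": 4200, "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "cmd": r'"csc.exe" /noconfig /fullpaths @"C:\Users\alice\AppData\Local\Temp\abc123.cmdline"'},
    {"pid": 4310, "ppid": 4300, "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe",
     "cmd": "cvtres.exe /NOLOGO /READONLY /MACHINE:IX86"},
    {"pid": 5000, "ppid": 3000, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell.exe -File C:\scripts\cleanup.ps1"},
    {"pid": 5100, "ppid": 5000, "image": r"C:\Windows\System32\notepad.exe", "cmd": "notepad.exe"},
]

if __name__ == "__main__":
    for f in find_office_powershell_chains(SAMPLE_EVENTS):
        print(f["severity"], f["office_pid"], "->", f["powershell_pid"], f["compilers"], f["indicators"])
```

The rule deliberately keys on the process tree rather than on the macro itself: the hidden-sheet cell trick changes how the payload is stored, but it cannot change the fact that EXCEL.EXE must spawn powershell.exe and that Add-Type must spawn the compiler. Decoding the -EncodedCommand blob is what turns "PowerShell under Excel" (medium) into a finding with concrete tells, and the explorer-launched maintenance script in the sample is left alone because its parent is not an Office application.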