Support Center > Search Results > SecureKnowledge Details
Check Point response to MysterySnail vulnerability Technical Level
Solution
On October 13, 2021, details of an exploitation of a vulnerability in Microsoft Windows named "MysterySnail" became publicly known. Microsoft patched the vulnerability in its October 2021 Patch Tuesday.

The CVE assigned to the vulnerability is CVE-2021-40449.  

"MysterySnail" is a remote shell access Trojan installed on compromised Windows servers. "MysterySnail" has privilege escalation, advanced persistence, and data-stealing capabilities. It was recently found at the end of an exploit chain attack campaign by Chinese APT “IronHusky”.

Check Point provides security coverage from the vulnerability with these Threat Prevention protections:
  • IPS
Microsoft Win32k Elevation of Privilege (CVE-2021-40449)
  • Anti-Bot
MysterySnail.TC.[X]
  • Anti-Virus
RAT.Win32.MysterySnail.TC.[X]
  • Threat Emulation

KAV-Trojan.Win64.Agentb.[X]
RAT.Wins.MysterySnail.A 

  • Harmony Endpoint

RAT.Win.MysterySnail.B
RAT.Win.MysterySnail.C

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment