I did a live query with the suggested code from the article and it gives me "Complete, no data sent" for all endpoints.
The reg keys are not present. So there should be some message like "ActiveX setting…
Thank you for contacting the Sophos Community. Sophos has released the following news article regarding this vulnerability: https://nakedsecurity.sophos.com/2021/09/08/windows-zero-day-mshtml-attack-how-not-to-get-booby-trapped/
Within the article the following AV detection names are outlined. You can also see "CXmail/CXweb" detections generated from matching files.
Exp/2140444-A, Troj/JSExp-W, Troj/Cabinf-A, Troj/Agent-BHRO, Troj/Agent-BHPO &
Intercept X has a behavioral detection that corresponds with the behavior of the exploit itself.
Any web-servers seen in the attacks will have their IP addresses re-classified as "C2" destinations, or "Malware/Callhome".
Hi Kushal Lakhan, what will be the name of the IDEs for Sophos endpoint protection? Thanks a lot