53 MALICIOUS FILES DISCOVERED

7 By Threat Emulation

0  Web downloads

7  Email

 

3 Identified Campaigns

  RIG EK

Rig EK was first introduced in April 2014. It has since received several large updates and continues to be active to this day. In 2015, as a result of an internal feud between its operators, the source code was leaked and has been thoroughly investigated by researchers. Rig delivers exploits for Flash, Java, Silverlight and Internet Explorer. The infection chain starts with a redirection to a landing page that contains JavaScript that checks for vulnerable plug-ins and delivers the exploit.
see more in Check Point Research

 

Attack Type: Generic

Delivery Method: Web

Number Of Downloads In This Campaign: 28

Global Prevalence: High

 

 

  RIG EK

Rig EK was first introduced in April 2014. It has since received several large updates and continues to be active to this day. In 2015, as a result of an internal feud between its operators, the source code was leaked and has been thoroughly investigated by researchers. Rig delivers exploits for Flash, Java, Silverlight and Internet Explorer. The infection chain starts with a redirection to a landing page that contains JavaScript that checks for vulnerable plug-ins and delivers the exploit.
see more in Check Point Research

 

Attack Type: Mobile

Delivery Method: Web

Number Of Downloads In This Campaign: 8

Global Prevalence: High

 

 

  COREINSTALLER

A common adware program disguised as performance-improving software. CoreInstaller runs in the browser's background, displays ads, redirects search requests to advertising websites and collects marketing-type data about the user in order to display customized ads on the computer.
see more in Check Point Research

 

Attack Type: TS_PUP

Delivery Method: Web

Number Of Downloads In This Campaign: 2

Global Prevalence: High

 

New Features

The latest Threat Emulation engine includes the following features:

Enhanced Support for Password-Protected Documents – Admins can now configure a default action for password-protected documents, so that if such files reach emulation, they will be allowed or blocked by default.

To configure this default action, follow the instructions in sk132492.

Attachments from Nested MSG Files – Threat Emulation now supports emulating files that are attached to MSG files that themselves are attached to other MSG files.

Enhanced Logging for Emulated Archive Files – Until this update, emulation of archive files generated a single log for the archive file itself. With this release, the archive file log includes the names of all the files inside it. In addition, a new log is generated for every file extracted from the archive, with its emulation results.

This log contains the name of the archive file, so that logs are correlated easily between the archive file and those of the files it contains.

The latest MTA engine includes the following features:

Enhanced protection against BaseStriker – SandBlast configured in MTA mode now protects against malicious emails containing URLs that use the BaseStriker technique.

Improving MTA disk space usage – Adds a scheduled task that deletes old temporary files (sk117634 is now integrated into MTA).

For more information, check out the What's New SKs: MTA | Threat Emulation

 

©2019 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved.
959 Skyway Rd, Suite 300, San Carlos, CA 94070.

 
