Check Point Blog

The Emergence of the New Azorult 3.3

Research by: Israel Gubi

During the last week, Check Point Research spotted a new version of Azorult in the wild being delivered through the RIG exploit kit, as well as other sources. Azorult is a long-known information stealer and malware downloader, …

Research October 17, 2018

Godzilla Loader and the Long Tail of Malware

Research by: Ben Herzog

To most victims, malware is a force of nature. Zeus, Wannacry, Conficker are all vengeful gods, out to punish the common man for clicking the wrong link. Even for a security analyst, it’s easy to fall into the kind of thin…

Research October 14, 2018

Labeless Part 6: How to Resolve Obfuscated API Calls in the Ngioweb Proxy Malware

In this part we show how to deal with obfuscated Windows API calls in Ngioweb malware using Labeless and x64dbg without reconstructing the API-resolving algorithm. If you’re new to all this Labeless stuff, though, please refer to the previous articles in t…

Research October 3, 2018

Labeless Part 5: How to Decrypt Strings in Boleto Banking Malware Without Reconstructing Decryption Algorithm.

In this part we show how to decrypt strings present in the module of Boleto malware – without reconstructing the decryption algorithm. If you’re new to all this Labeless stuff though, please refer to the previous articles in this series as they will be…


Labeless Part 4: Scripting

In this part of our Labeless series, we will discuss the theory behind Labeless scripting. If, however, you’re new to all this Labeless stuff, please refer to the previous articles in this series as they will be helpful in explaining what’s going on…


The ‘Gazorp’ Dark Web Azorult Builder

Research by: Nikita Fokin, Israel Gubi, Mark Lechtik

On 17th September Check Point Research found a new online builder, dubbed ‘Gazorp’, hosted on the Dark Web. Gazorp is designed for building binaries of the popular malware, Azorult, an infostealer us…

Research September 27, 2018

Meet Black Rose Lucy, the Latest Russian MaaS Botnet

Research by: Feixiang He, Bogdan Melnykov, Andrey Polkovnichenko

An organization needs to have a collaborative hiring process, advised Steve Jobs. Always a group to follow mainstream trends closely, in recent years we’ve seen cyber criminals take great…

Research September 13, 2018

Domestic Kitten: An Iranian Surveillance Operation

Chinese strategist Sun Tzu, Italian political philosopher Machiavelli and English philosopher Thomas Hobbes all justified deceit in war as a legitimate form of warfare. Preceding them all, however, were some in the Middle East who had already internali…

Research September 7, 2018

Ransom Warrior Decryption Tool

On August 8th, a new ransomware, dubbed ‘RansomWarrior’, was found by the Malware Hunter Team. Going by the ransom note shown to its victims, RansomWarrior seems to have been developed by Indian hackers, who would appear to also not be so e…

Research August 30, 2018

CeidPageLock: A Chinese RootKit

Research by: Israel Gubi

Over the last few weeks, we have been observing a rootkit named CEIDPageLock being distributed by the RIG Exploit kit. The rootkit was first discovered by 360 Security Center a few months ago, when it was detected trying to tam…

Research August 28, 2018