Check Point Blog

Research August 30, 2018

Ransom Warrior Decryption Tool

On August 8th, a new ransomware, dubbed ‘RansomWarrior’, was found by the Malware Hunter Team. Going by the ransom note shown to its victims, RansomWarrior seems to have been developed by Indian hackers, who would appear to also not be so e...

Research August 28, 2018

CeidPageLock: A Chinese RootKit

Research by: Israel Gubi Over the last few weeks, we have been observing a rootkit named CEIDPageLock being distributed by the RIG Exploit kit. The rootkit was first discovered by 360 Security Center a few months ago, when it was detected trying to tam...

Research August 26, 2018

Interactive Mapping of APT-C-23

Research by: Aseel Kayal Last month, we investigated the renewal of a targeted attack against the Palestinian Authority, attributed to the APT-C-23 threat group. Although this campaign was initially discovered in early 2017, it is still active today an...

Research August 23, 2018

Labeless Part 3: How to Dump and Auto-Resolve WinAPI Calls in LockPos Point-of-Sale Malware

In this part we show how to automatically resolve all WinAPI calls in a malicious code dump of the LockPoS Point-of-Sale malware. Instead of manually reconstructing a corrupted Import Address Table, we simply extract a target portion of code in the research d...

Research

Labeless Part 2: Installation

In this part we will be guiding you through the installation of Labeless. Post-install steps to verify that the installation was done correctly are also provided below. Of course, if you’re new to all the Labeless stuff, please refer to the previous articl...

Research

Labeless Part 1: An Introduction

Labeless, a plugin for both IDA and popular debuggers, is an invaluable tool in the researcher’s toolkit. In this first part of a four-part series, we will be mainly introducing Labeless and covering the following: What is Labeless? What can be done w...

Research August 20, 2018

Ryuk Ransomware: A Targeted Campaign Break-Down

Over the past two weeks, Ryuk, a targeted and well-planned ransomware, has attacked various organizations worldwide. So far the campaign has targeted several enterprises, encrypting hundreds of PCs, storage and data centers in each infected compan...

Research August 16, 2018

VBEtaly: An Italian Ursnif MalSpam Campaign

Check Point researchers have found another wave of the Ursnif malspam campaign targeting Italy. Only a few details are known so far, but what we have found is that the file delivered is a VBE file (encoded VBS) named “SCANSIONE.vbe” and is delivered via...

Research August 12, 2018

Faxploit: Sending Fax Back to the Dark Ages

Research By: Eyal Itkin and Yaniv Balmas Fax, the brilliant technology that lifted mankind out of the dark ages of mail delivery, when only the postal service and carrier pigeons were used to deliver a physical message from a sender to a receiver. Technolo...

Research

Man-in-the-Disk: Android Apps Exposed via External Storage

Research By: Slava Makkaveev Recently, our researchers came across a shortcoming in the design of Android’s use of storage resources. Careless use of External Storage by applications may open the door to an attack resulting in any number of undesired o...
