Author Archives for Richard Clayton

The Emergence of the New Azorult 3.3

October 17, 2018 1:33 pm

Research by: Israel Gubi. During the last week, Check Point Research spotted a new version of Azorult in the wild being delivered through the RIG exploit kit, as well as other sources. Azorult...


Labeless Part 5: How to Decrypt Strings in Boleto Banking Malware Without Reconstructing Decryption Algorithm.

October 3, 2018 4:51 am

In this part we show how to decrypt strings present in the module of Boleto malware without reconstructing the decryption algorithm. If you're new to all this Labeless stuff though, please refer...


Labeless Part 4: Scripting

October 3, 2018 4:48 am

In this part of our Labeless series, we will discuss the theory behind Labeless scripting. If, however, you're new to all this Labeless stuff, please refer to the previous articles in this series...


The ‘Gazorp’ Dark Web Azorult Builder

September 27, 2018 1:46 am

Research by: Nikita Fokin, Israel Gubi, Mark Lechtik. On 17th September Check Point Research found a new online builder, dubbed 'Gazorp', hosted on the Dark Web. Gazorp is designed for building binaries of...


Ransom Warrior Decryption Tool

August 30, 2018 7:28 am

On August 8th, a new ransomware, dubbed 'RansomWarrior', was found by the Malware Hunter Team. Going by the ransom note shown to its victims, RansomWarrior seems to have been developed by Indian hackers, who...


CeidPageLock: A Chinese RootKit

August 28, 2018 12:36 am

Research by: Israel Gubi. Over the last few weeks, we have been observing a rootkit named CEIDPageLock being distributed by the RIG Exploit kit. The rootkit was first discovered by 360 Security Center...