Author Archives for Richard Clayton

Labeless Part 5: How to Decrypt Strings in Boleto Banking Malware Without Reconstructing Decryption Algorithm.

October 3, 2018 4:51 am

In this part we show how to decrypt strings present in the module of Boleto malware – without reconstructing the decryption algorithm. If you’re new to all this Labeless stuff though, please refer...


Labeless Part 4: Scripting

October 3, 2018 4:48 am

In this part of our Labeless series, we will discuss the theory behind Labeless scripting. If, however, you’re new to all this Labeless stuff, please refer to the previous articles in this series...


The ‘Gazorp’ Dark Web Azorult Builder

September 27, 2018 1:46 am

Research by: Nikita Fokin, Israel Gubi, Mark Lechtik – September 27, 2018

On 17th September Check Point Research found a new online builder, dubbed ‘Gazorp’, hosted on the Dark Web. Gazorp is designed for...


Meet Black Rose Lucy, the Latest Russian MaaS Botnet

September 13, 2018 7:51 am

Research by: Feixiang He, Bogdan Melnykov, Andrey Polkovnichenko – September 13, 2018

An organization needs to have a collaborative hiring process, advised Steve Jobs. Always a group to follow mainstream trends closely, in recent...


Domestic Kitten: An Iranian Surveillance Operation

September 7, 2018 6:03 am

September 7, 2018

Chinese strategist Sun Tzu, Italian political philosopher Machiavelli and English philosopher Thomas Hobbes all justified deceit in war as a legitimate form of warfare. Preceding them all, however, were some...


Ransom Warrior Decryption Tool

August 30, 2018 7:28 am

August 30, 2018

On August 8th, a new ransomware, dubbed ‘RansomWarrior’, was found by the Malware Hunter Team. Going by the ransom note shown to its victims, RansomWarrior seems to have been developed by...


CeidPageLock: A Chinese RootKit

August 28, 2018 12:36 am

Research by: Israel Gubi – August 28, 2018

Over the last few weeks, we have been observing a rootkit named CEIDPageLock being distributed by the RIG Exploit kit. The rootkit was first discovered by...


Interactive Mapping of APT-C-23

August 26, 2018 11:54 pm

Research by: Aseel Kayal – August 26, 2018

Last month, we investigated the renewal of a targeted attack against the Palestinian Authority, attributed to the APT-C-23 threat group. Although this campaign was initially discovered...