Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Check Point Research Profile picture
Check Point Research
@_CPResearch_
Fighting cyber threats one research at a time. News from Check Point’s (@checkpointSW) Research team. Podcast: https://t.co/Cp128Xv0CM…
Jun 28, 2022 8 tweets 2 min read
#BREAKING We found files related to the attack against the Steel Industry in Iran.
Initial analysis shows that the malware is connected to the attacks against Iran Railways last year, an attack that was thoroughly described in our previous research.

Here's what we know so far >> An executable, "Chaplin.exe", is a variant of Meteor — the wiper that attacked Iran's Railways and government last year. It's clear that both variants share a codebase, but Chaplin, unlike Meteor, and its previous variants — Stardust and Comet, lacks the wiping functionality >>
Nov 5, 2018 4 tweets 4 min read
#malspam campaign from 2.11 delivers both #LokiBot and #azorult interchangeably, archived in ISO files.
Files are packed with VB6 packer with file size of 524KB.
All C2 domains were active 31.10-2.11.
Sender: finances@ketmarine.nl
Subject: “Roxanne Heijt - Payment Swift Copy FYR” #LokiBot #IOCs:
virustotal.com/#/file/71156ab… -> jadak[.]cf/minel/fre.php
virustotal.com/#/file/e7e002f… -> barzenkiyader[.]cf/Panel/five/fre.php