Check Point Research
Fighting cyber threats one research at a time. News from Check Point’s (@checkpointSW) Research team. Podcast: https://t.co/Cp128Xv0CM…
Jun 28, 2022 8 tweets 2 min read
#BREAKING We found files related to the attack against the Steel Industry in Iran.
Initial analysis shows that the malware is connected to the attacks against Iran Railways last year, an attack that was thoroughly described in our previous research.

Here's what we know so far >>

An executable, "Chaplin.exe", is a variant of Meteor — the wiper that attacked Iran's Railways and government last year. It's clear that both variants share a codebase, but Chaplin, unlike Meteor and its previous variants, Stardust and Comet, lacks the wiping functionality >>
Nov 5, 2018 4 tweets 4 min read
#malspam campaign from 2.11 delivers both #LokiBot and #azorult interchangeably, archived in ISO files.
Files are packed with a VB6 packer, with a file size of 524KB.
All C2 domains were active 31.10-2.11.
Sender: finances@ketmarine.nl
Subject: “Roxanne Heijt - Payment Swift Copy FYR”

#LokiBot #IOCs:
virustotal.com/#/file/71156ab… -> jadak[.]cf/minel/fre.php
virustotal.com/#/file/e7e002f… -> barzenkiyader[.]cf/Panel/five/fre.php