Results for Floser Bacurio Jr. and Joie Salvio

Threat Research

New Trickbot Plugin Harvests Email Addresses from SQL Servers, ScreenLocker Module Not for Ransom

Just a week after publishing our discovery of Trickbot’s networkDLL, the FortiGuard Labs monitoring system has found a new module called squlDll that is being actively distributed to the banking trojan’s victims.

Threat Research

Trickbot’s New Reconnaissance Plugin

Fortinet FortiGuard Labs has found a new plugin named networkDLL that is being distributed to the victims of the Trickbot Trojan. This new plugin is similar to the old DomainGrabber plugin discovered late last year in that they both try to collect information about the victim’s network. In fact, we have observed the same functions being used by both plugins.

Threat Research

Locky Happens: Notorious Ransomware Leaves an Unpleasant Trace

We attended the recent VB 2016 conference to present our findings on the development and evolution of Locky ransomware. In that same presentation we also discussed an automation system designed by Fortiguard to extract its configuration and hunt for new variants. Locky-ly (*wink*), while improving the system we couldn’t help but notice another new variant. Actually, aside from the encrypted file name extension change, there are no major developments from the “.odin” variant in this new variant. However, it appears that criminals...

Threat Research

German Speakers Targeted by SPAM Leading to Ozone RAT

Remote Administration Tools (RAT) have been around for a long time. They provide users and administrators with the convenience of being able to take full control of their systems without needing to be physically in front of a device. In this age of global operations, that’s a huge deal. From troubleshooting machines across countries to observing employees across rooms, RAT solutions have become widely used tools for remote maintenance and monitoring. Unfortunately, malware authors often utilize these same capabilities to compromise systems....