Results for malware research

Threat Research

New NetWire RAT Variant Being Spread Via Phishing

FortiGuard Labs recently discovered a new NetWire RAT variant spreading via phishing email. Learn more about this malware.

By Xiaopeng ZhangSeptember 23, 2019

Threat Research

A Deep Dive Into IcedID Malware: Part III - Analysis of Child Processes

In Part II of this blog series, we identified three child processes that were created by the IcedID malware. In Part III, we provide a deep analysis of those child processes.

By Kai LuJuly 22, 2019

Threat Research

The Weaponization of PUAs

In this FortiGuard Labs article we will define what a PUA is, describe its inherent risks, and how malware makes use of them by showcasing a malware sample.

By Chris Navarrete December 06, 2018

Threat Research

VPNFilter Update – New Attack Modules Documented

This most current update, also posted by Cisco Talos through the Cyber Threat Alliance, identifies additional updates to the VPNFilter malware that have not been seen previously.

By FortiGuard SE TeamSeptember 26, 2018

Threat Research

GandCrab v4.1 Ransomware and the Speculated SMB Exploit Spreader

Only two days after the release of GandCrab 4.0, FortiGuard Labs found a newer version (v4.1) being distributed using the same method, which is through compromised websites disguised as download sites for cracked applications.

By Joie SalvioJuly 12, 2018

Threat Research

Deep Analysis of New Poison Ivy/PlugX Variant - Part II

This is the second part of the FortiGuard Labs analysis of the new Poison Ivy variant, or PlugX, which was an integrated part of Poison Ivy’s code. In the first part of this analysis we introduced how this malware was installed onto victim’s systems, the techniques it used to perform anti-analysis, how it obtained the C&C server’s IP&Port from the PasteBin website, and how it communicated with its C&C server.

By Xiaopeng ZhangSeptember 15, 2017

Threat Research

On-Demand Polymorphic Code In Ransomware

Ransomware is now a common term not only in the security industry, but also in our day-to-day life. A new ransomware seems to pop up almost every given day. What we don’t normally see is how codes are implemented within these malware. Ransomware employs different techniques and attack vectors in order to infiltrate your computer system. They also use different armoring techniques to evade detection and avoid analysis. One trick they use to harden themselves against analysis is through implementing metamorphic, encryption, and polymorphic algorithms.We...

By Raul AlvarezJune 07, 2016