Results for rat

Threat Research

FortiGuard Labs Weekly Threat Update – Week of October 25, 2019

Learn about the cyber threats uncovered during the week of October 25, 2019.

By Jeannette Jarvis October 25, 2019

Threat Research

A Deep-Dive Analysis of the NukeSped RATs

FortiGuard Labs has been actively monitoring various APT groups such as HIDDEN COBRA. Recently, we noticed some new interesting samples from this group, so we decided to take a further look. Learn more.

By Minh TranOctober 23, 2019

Threat Research

New Remcos RAT Variant is Spreading by Exploiting CVE-2017-11882

Several days ago, FortiGuard Labs captured a malware sample that was exploiting the Microsoft Office vulnerability CVE-2017-11882 patched by Microsoft last November. The sample is an RTF document with an Equation object. By analyzing its behavior in my test environment, I realized that it spreads a new variant of Remcos RAT, version “2.0.4 Pro,” that was released on April 7, 2018 from its official website. It is able to control the victim’s PC after infection.

By Xiaopeng ZhangMay 04, 2018

Threat Research

A Deep Dive Analysis of the FALLCHILL Remote Administration Tool

FortiGuard Labs has been actively monitoring FALLCHILL, validating all its IOCs (indicators of compromise), and providing protection for our customers. In a previous post we provided a high level overview of FALLCHILL. In this research report we dig even further, providing a deep dive analysis of the FALLCHILL Remote Administration Tool (RAT) in order to shed additional light on this threat, and thereby help our customer and the security community at large defend against this threat and similar threats.

By Minh TranNovember 28, 2017

Threat Research

PDF Phishing Leads to Nanocore RAT, Targets French Nationals

Recently, FortiGuard Labs found a phishing campaign targeting French Nationals. In this campaign, a PDF file with an embedded javascript is used to download the payload from a Google Drive shared link. As it turns out, the downloaded file is an HTA (HTML Application) file, a format that is becoming more and more common as a malware launch point. It is usually used as a downloader for the actual binary payload. However in this campaign,...

By Joie Salvio and Rommel JovenOctober 12, 2017

Threat Research

Deep Analysis of New Emotet Variant – Part 1

Background Last week, FortiGuard Labs captured a JS file that functions as a malware downloader to spread a new variant of the Emotet Trojan. Its original file name is Invoice__779__Apr___25___2017___lang___gb___GB779.js.  A JS file, as you may be aware, is a JavaScript file that can be executed by a Window Script Host (wscript.exe) simply by double-clicking on it. In this blog we will analyze how this new malware works by walking through it step by step in chronological order. A JS file used to spread malware The original JS code...

By Xiaopeng ZhangMay 03, 2017

Threat Research

Remote Password Change Vulnerability in HPE Vertica Analytic Database

Summary On March 24 2017, I discovered and reported on a remote password change vulnerability in Hewlett-Packard Enterprise’s (HPE) Vertica Analytic Database. This week, HPE released Security Bulletin HPESBGN03734, which contains the fix for this vulnerability and identifies it as CVE-2017-5802. Fueled by ever-growing volumes of Big Data found in many corporations and government agencies, HPE’s Vertica Analytics Platform provides an SQL analytics solution built from the ground up to handle massive volumes of data and delivers blazingly...

By Honggang RenApril 20, 2017

Threat Research

German Speakers Targeted by SPAM Leading to Ozone RAT

Remote Administration Tools (RAT) have been around for a long time. They provide users and administrators with the convenience of being able to take full control of their systems without needing to be physically in front of a device. In this age of global operations, that’s a huge deal. From troubleshooting machines across countries to observing employees across rooms, RAT solutions have become widely used tools for remote maintenance and monitoring. Unfortunately, malware authors often utilize these same capabilities to compromise systems....

Industry Trends

Threat Landscape Perspectives: TeamViewer Attack – Spy vs. Spy Misdirection?

The TeamViewer news is yet another example of the changing dynamics in cybersecurity today. Fortinet’s Aamir Lakhani offers some perspective.Why is the TeamViewer news important to consider?The TeamViewer attack appears to be an organized and sophisticated attack. We have seen criminal organizations spend a great deal of money and efforts increasing their skills in order for them to conduct cybercrime. Ransomware is a good example or why criminal organizations do this. It is both extremely valuable and profitable. Likewise, a remote access and...

By John WeltonJune 02, 2016