Results for variant

Threat Research

New Variant of Remcos RAT Observed In the Wild

Recently, we identified several new spam samples belonging to a Remcos RAT campaign. Read more about our analysis of this threat.

Threat Research

Recent Security Research News

This blog post is a summary of some recent research work that caught my attention in May 2018.

By Axelle Apvrille, June 28, 2018

Threat Research

Analysis of New Agent Tesla Spyware Variant

Recently, FortiGuard Labs captured a new malware sample that was spread via Microsoft Word documents. After some quick research, I discovered that this was a new variant of the Agent Tesla spyware. I analyzed another sample of this spyware last June and published a blog about it. In this blog, I want to share what’s new in this new variant.

By Xiaopeng Zhang, April 05, 2018

Threat Research

Evasive Sage 2.2 Ransomware Variant Targets More Countries

FortiGuard Labs just recently found new Sage ransomware samples that, while they appear to still be Sage 2.2, now have added tricks focused on anti-analysis and privilege escalation. In this article, we will share our findings of these recent updates.

Threat Research

Deep Analysis of New Poison Ivy Variant

Recently, the FortiGuard Labs research team observed that a new variant of Poison Ivy was being spread through a compromised PowerPoint file. We captured a PowerPoint file named Payment_Advice.ppsx, which is in OOXML format. Once the victim opens this file using the MS PowerPoint program, the malicious code contained in the file is executed. It downloads the Poison Ivy malware onto the victim’s computer and then launches it. In this blog, I’ll show the details of how this happens, what techniques are used by this malware, as well as...

By Xiaopeng Zhang, August 23, 2017

Threat Research

Locky Strikes Another Blow, Diablo6 Variant Starts Spreading Through Spam

A few days ago, while scouring Fortinet’s Kadena Threat Intelligence System (KTIS), we found an emerging spam campaign. Initially, it was the scale that caught our attention, and then it got a lot more interesting when the payload turned out to be a new variant of the infamous Locky.

Threat Research

The First Major Update of Cerber 4 Ransomware Has Surfaced

Cerber 4.1.0 is already here! In this blog we will share information about this updated version uncovered by Fortinet, including its differences and similarities compared to previous versions. Cerber is a classic ransomware tool that encrypts victims’ files and then demands payments to decrypt them. Victims are given a period of time for making the payments and then (hopefully) having their original unencrypted files restored. Cerber marks encrypted files with a specific extension. In previous versions (Cerber 2 and 3), encrypted...