Results for web filtering

Threat Research

New Remcos RAT Variant is Spreading by Exploiting CVE-2017-11882

Several days ago, FortiGuard Labs captured a malware sample that was exploiting the Microsoft Office vulnerability CVE-2017-11882 patched by Microsoft last November. The sample is an RTF document with an Equation object. By analyzing its behavior in my test environment, I realized that it spreads a new variant of Remcos RAT, version “2.0.4 Pro,” that was released on April 7, 2018 from its official website. It is able to control the victim’s PC after infection.

By Xiaopeng Zhang | May 04, 2018

Threat Research

Trickbot’s New Reconnaissance Plugin

Fortinet FortiGuard Labs has found a new plugin named networkDLL that is being distributed to the victims of the Trickbot Trojan. This new plugin is similar to the old DomainGrabber plugin discovered late last year in that they both try to collect information about the victim’s network. In fact, we have observed the same functions being used by both plugins.

Threat Research

A Deep Dive Analysis of the FALLCHILL Remote Administration Tool

FortiGuard Labs has been actively monitoring FALLCHILL, validating all its IOCs (indicators of compromise), and providing protection for our customers. In a previous post we provided a high-level overview of FALLCHILL. In this research report we dig even further, providing a deep dive analysis of the FALLCHILL Remote Administration Tool (RAT) in order to shed additional light on this threat, and thereby help our customers and the security community at large defend against this threat and similar threats.

By Minh Tran | November 28, 2017

Business and Technology

Fortinet to Demonstrate Broadest Portfolio of Cloud Security Solutions at AWS re:Invent in Las Vegas

Fortinet is proud to be a Gold Sponsor of the 6th annual AWS re:Invent conference, being held at the Venetian Hotel in Las Vegas between November 27th and December 1st. re:Invent is the largest gathering of members of the global cloud community in the world, bringing together over 40,000 attendees from over 80 different nations attending over 1,000 different technical sessions, keynote addresses, labs, and special events over the course of the conference. Fortinet will be showcasing our latest cloud-based solutions, including the Fortinet...

By Cynthia Hsieh | November 17, 2017

Threat Research

Potential Malware Campaign Targeting JustSystems Ichitaro Users

Recently, we came across some interesting samples in jtd format, which is the file format used by JustSystems Ichitaro. The following is a quick primer for readers who are unfamiliar with the Japanese market.

By Minh Tran | November 09, 2017

Threat Research

Tracking the Bad Rabbit

A new ransomware campaign dubbed “Bad Rabbit” has hit a number of high-profile targets in Russia and Eastern Europe. First detected on October 24th, 2017, Bad Rabbit was originally detected in Russia and Ukraine, along with a small number of infections reported in parts of Eastern Europe, Turkey, and Germany. However, the attack now appears to be spreading to other regions, including reports from South Korea and the US.

By FortiGuard SE Team | October 25, 2017