Several days ago, FortiGuard Labs captured a malware sample that exploits the Microsoft Office vulnerability CVE-2017-11882, which Microsoft patched last November. The sample is an RTF document carrying an embedded Equation Editor object. By analyzing its behavior in my test environment, I realized that it spreads a new variant of Remcos RAT, version “2.0.4 Pro,” which was released on April 7, 2018 on its official website. Once the victim's PC is infected, the RAT gives the attacker remote control over it.
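The triage check a practitioner wants for a sample like the one described above is whether an RTF file declares an embedded Equation Editor object at all. The scanner below is an added example, not FortiGuard's code and not taken from the sample: it looks for an `\objclass` naming Equation Editor 3.0 (class `Equation.3`, CLSID `0002CE02-0000-0000-C000-000000000046`) and also decodes the hex `\objdata` payload, so a class name hidden only inside the OLE 1.0 header is still caught. The RTF inputs are constructed for the example; the `{}`-split class name and line-wrapped hex mimic the obfuscation commonly used to defeat naive string matching.

```python
"""Triage scanner for RTF files embedding an Equation Editor (Equation.3) object.

Added example, not the original post's or FortiGuard's code. A hit is a reason
to look closer, not a verdict: a benign document with a real equation trips it
too, while the patched Equation Editor is no longer exploitable via CVE-2017-11882.
"""
import re

# Equation Editor 3.0 CLSID {0002CE02-0000-0000-C000-000000000046} as stored on
# disk (Data1..Data3 little-endian, Data4 as-is), for matching inside OLE streams.
EQUATION_CLSID_LE = bytes.fromhex("02ce020000000000c000000000000046")

# \objclass value runs to the next control word or closing brace; empty groups
# "{}" are permitted inside because Word ignores them and attackers use them.
_OBJCLASS_RE = re.compile(rb"\\objclass ?((?:[^\\{}]|\{\})*)", re.I)
# \objdata is hex text, frequently wrapped over many lines.
_OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9a-fA-F\s]*)", re.I)


def extract_objclasses(rtf: bytes) -> list:
    """Return declared OLE class names with RTF noise ({} groups, whitespace) removed."""
    names = []
    for m in _OBJCLASS_RE.finditer(rtf):
        names.append(re.sub(rb"[\s{}]", b"", m.group(1)).decode("latin-1"))
    return names


def extract_objdata(rtf: bytes) -> list:
    """Decode each \\objdata hex blob to bytes; tolerate whitespace and a dangling nibble."""
    blobs = []
    for m in _OBJDATA_RE.finditer(rtf):
        hexstr = re.sub(rb"\s", b"", m.group(1))
        if len(hexstr) % 2:
            hexstr = hexstr[:-1]
        try:
            blobs.append(bytes.fromhex(hexstr.decode("ascii")))
        except ValueError:
            continue
    return blobs


def scan_rtf(rtf: bytes) -> dict:
    """Flag an RTF that embeds an Equation Editor object, with the reasons found."""
    # Word also opens files whose header is truncated to "{\rt", so do not
    # insist on the full "{\rtf1" signature.
    if not rtf.lstrip().startswith(b"{\\rt"):
        return {"is_rtf": False, "suspicious": False, "reasons": []}
    reasons = []
    for name in extract_objclasses(rtf):
        if name.lower().startswith("equation"):
            reasons.append("objclass " + name)
    for blob in extract_objdata(rtf):
        # The OLE 1.0 header stores the class name as a NUL-terminated ANSI string.
        if b"Equation" in blob:
            reasons.append("objdata OLE1 header names an Equation class")
        if EQUATION_CLSID_LE in blob:
            reasons.append("objdata contains the Equation Editor CLSID")
    return {"is_rtf": True, "suspicious": bool(reasons), "reasons": reasons}


def _ole1_header(class_name: bytes) -> bytes:
    """OLE 1.0 embedded-object header: version, FormatID 2 (embedded), length-prefixed class name."""
    name = class_name + b"\x00"
    return (b"\x01\x05\x00\x00" + (2).to_bytes(4, "little")
            + len(name).to_bytes(4, "little") + name)


def _wrap_hex(h: bytes, width: int = 8) -> bytes:
    return b"\n".join(h[i:i + width] for i in range(0, len(h), width))


# Constructed inputs for the example (not real-world samples).
MALICIOUS_RTF = (b"{\\rtf1{\\object\\objemb{\\*\\objclass Equation.3}{\\*\\objdata "
                 + _ole1_header(b"Equation.3").hex().encode() + b"}}}")
OBFUSCATED_RTF = (b"{\\rt{\\object\\objemb{\\*\\objclass Equ{}ation.3}{\\*\\objdata\n"
                  + _wrap_hex(_ole1_header(b"Equation.3").hex().encode()) + b"\n}}}")
BENIGN_RTF = (b"{\\rtf1{\\object\\objemb{\\*\\objclass Word.Document.8}{\\*\\objdata "
              + _ole1_header(b"Word.Document.8").hex().encode() + b"}}}")

if __name__ == "__main__":
    for label, doc in (("malicious", MALICIOUS_RTF), ("obfuscated", OBFUSCATED_RTF),
                       ("benign", BENIGN_RTF)):
        print(label, scan_rtf(doc))
```

Run against a directory of documents, the `reasons` list tells you which indicator fired, which matters when the `\objclass` was stripped and only the decoded `\objdata` gave the object away.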
Fortinet FortiGuard Labs has found a new plugin named networkDLL that is being distributed to the victims of the Trickbot Trojan. This new plugin is similar to the old DomainGrabber plugin discovered late last year in that they both try to collect information about the victim’s network. In fact, we have observed the same functions being used by both plugins.
FortiGuard Labs has been actively monitoring FALLCHILL, validating all of its IOCs (indicators of compromise), and providing protection for our customers. In a previous post we provided a high-level overview of FALLCHILL. In this research report we dig further, providing a deep-dive analysis of the FALLCHILL Remote Administration Tool (RAT) in order to shed additional light on this threat, and thereby help our customers and the security community at large defend against it and similar threats.
Fortinet is proud to be a Gold Sponsor of the 6th annual AWS re:Invent conference, being held at the Venetian Hotel in Las Vegas between November 27th and December 1st. re:Invent is the largest gathering of members of the global cloud community in the world, bringing together over 40,000 attendees from over 80 different nations attending over 1,000 different technical sessions, keynote addresses, labs, and special events over the course of the conference. Fortinet will be showcasing our latest cloud-based solutions, including the Fortinet...
Recently, we came across some interesting samples in jtd format, which is the file format used by JustSystems Ichitaro. The following is a quick primer for readers who are unfamiliar with the Japanese market.
A new ransomware campaign dubbed “Bad Rabbit” has hit a number of high-profile targets in Russia and Eastern Europe. First detected on October 24th, 2017, Bad Rabbit initially appeared in Russia and Ukraine, along with a small number of infections reported in parts of Eastern Europe, Turkey, and Germany. However, the attack now appears to be spreading to other regions, including reports from South Korea and the US.