Analysis of the New Modules that Emotet Spreads

Threat Analysis Report from FortiGuard Labs Just a few days ago, FortiGuard Labs published a research blog about a fresh variant of Emotet. When I wrote that blog, I had not yet detected any further malicious actions from its C&C server. However, I have continued to monitor its connections, and Continue Reading

New Stealth Worker Campaign Creates a Multi-platform Army of Brute Forcers

A Threat Analysis Report from FortiGuard Labs FortiGuard Labs recently discovered a new campaign of StealthWorker malware, also called GoBrut, that was first reported by Malwarebytes just a few days ago. This malware is written in Golang. Although uncommonly seen being used by malware, it is the same programming language Continue Reading

Breakdown of a Targeted DanaBot Attack

A FortiGuard SE Team Threat Analysis Report On Feb 5th, 2019, the FortiGuard SE team discovered a targeted attack aimed at an unknown individual working for a governmental organization located in the city of Gold Coast, Australia. Within a span of a few days, we had observed additional activity targeting Continue Reading

Analysis of a Fresh Variant of the Emotet Malware

Breaking Threat Analysis research paper by FortiGuard Labs     Emotet is not a new malware family. In fact, it’s been around for several years. We captured a JS file spreading Emotet in 2017, which I then analyzed it and published two research papers on it, Part I and Part II. Continue Reading

Oracle VirtualBox NAT Network DoS Vulnerability

Zero-Day Threat Analysis by FortiGuard Labs Oracle VirtualBox is the world’s most popular cross-platform virtualization product. The FortiGuard Labs team recently discovered on (December 6, 2018) a network Denial of Service (DoS) vulnerability in Oracle VirtualBox (CVE-2019-2527). This DoS vulnerability is caused by a crafted TCP session sent from a Continue Reading

Microsoft Windows JET Engine Msrd3x Code Execution Vulnerability

Threat Analysis from FortiGuard Labs In September 2018, Fortinet’s FortiGuard Labs researcher Honggang Ren discovered a code execution vulnerability in Windows JET Engine Msrd3x40 and reported it to Microsoft by following Fortinet’s responsible disclosure process. On patch Tuesday of January 2019, Microsoft released a Security Bulletin that contains the fix Continue Reading

A Deep Analysis of the Microsoft Outlook Vulnerability CVE-2018-8587

FortiGuard Labs Threat Analysis Report Earlier this year, Fortinet’s FortiGuard Labs researcher Yonghui Han reported a Heap Corruption vulnerability in Office Outlook to Microsoft by following Fortinet’s responsible disclosure process. On Patch Tuesday of December 2018, Microsoft announced that they had fixed this vulnerability, released a corresponding advisory, and assigned Continue Reading

Petya’s Master Boot Record Infection

Last week we started our technical analysis on Petya (also called NotPetya) and its so-called “killswitch.” In that blog post we mentioned that Petya looks for a file in the Windows folder that has the same filename (no extension) as itself (for example: C:WindowsPetya). If it exists, it terminates by Continue Reading

Threat Insights: The Future of Smart and Automated Threats

Threat report data is only as useful as the analysis and context that goes along with it. We asked Derek Manky, global security strategist with our FortiGuard Labs team, to share his thoughts on what some of the data in our recent Threat Landscape Report means going forward. What at Continue Reading

Deep Analysis of New Emotet Variant – Part 2

Background This is the second part of FortiGuard Labs’ deep analysis of the new Emotet variant. In the first part of the analysis we demonstrated that by bypassing the server-side Anti-Debug or Anti-Analysis technique we could download three or four modules (.dll files) from the C&C server. In that first Continue Reading

>