.Net RAT Malware Being Spread by MS Word Documents

Breaking Threat Research from FortiGuard Labs Just days ago, Fortinet’s FortiGuard Labs captured a malicious MS Word document from the wild that contains auto-executable malicious VBA code that can spread and install NanoCore RAT software on a victim’s Windows system. NanoCore RAT was developed in the .Net framework, and the latest Continue Reading

Microsoft Windows JET Engine Msrd3x Code Execution Vulnerability

Threat Analysis from FortiGuard Labs In September 2018, Fortinet’s FortiGuard Labs researcher Honggang Ren discovered a code execution vulnerability in Windows JET Engine Msrd3x40 and reported it to Microsoft by following Fortinet’s responsible disclosure process. On patch Tuesday of January 2019, Microsoft released a Security Bulletin that contains the fix Continue Reading

A Deep Analysis of the Microsoft Outlook Vulnerability CVE-2018-8587

FortiGuard Labs Threat Analysis Report Earlier this year, Fortinet’s FortiGuard Labs researcher Yonghui Han reported a Heap Corruption vulnerability in Office Outlook to Microsoft by following Fortinet’s responsible disclosure process. On Patch Tuesday of December 2018, Microsoft announced that they had fixed this vulnerability, released a corresponding advisory, and assigned Continue Reading

Potential Ichitaro Phishing Vulnerability

The FortiGuard Labs team continually tracks phishing and spam campaigns around the world. Sending users macro-enabled documents with a malicious payload is one of the most commonly used malware attack vectors for phishing campaigns. This attack vector has been used by used by such prevalent malware families as Dridex, Fareit, Continue Reading

Evasive Malware Campaign Abuses Free Cloud Service, Targets Korean Speakers

Earlier this month, FortiGuard Labs researchers published findings about a malware campaign exploiting a PowerPoint vulnerability. Cybercriminals, however, are equal opportunity exploiters, so just recently an interesting targeted malware campaign was found to be using another document vulnerability. Only this time, it’s a Hangul Word Processor (HWP) document leveraging the Continue Reading

Rehashed RAT Used in APT Campaign Against Vietnamese Organizations

Recently, FortiGuard Labs came across several malicious documents that exploit the vulnerability CVE-2012-0158. To evade suspicion from the victim, these RTF files drop decoy documents containing politically themed texts about a variety of Vietnamese government-related information. It was believed in a recent report that the hacking campaign where these documents Continue Reading

Deep Analysis of New Poison Ivy Variant

Recently, the FortiGuard Labs research team observed that a new variant of Poison Ivy was being spread through a compromised PowerPoint file. We captured a PowerPoint file named Payment_Advice.ppsx, which is in OOXML format. Once the victim opens this file using the MS PowerPoint program, the malicious code contained in Continue Reading

Analysis of New GlobeImposter Ransomware Variant

Over the past few days, FortiGuard Labs captured a number of JS (JavaScript) scripts. Based on my analysis, they were being used to spread the new GlobeImposter ransomware variants.  I picked one of them and did a quick analysis. The version of the variant I reviewed is “726”. Figure 1 Continue Reading

Google’s 2017 CTF – The “ASCII Art Client” Challenge

    In our last blog in this series, we discussed FortiGuard Labs’ participation in Google’s second annual Capture The Flag (CTF) competition. In this blogpost, I want to share how I solved another challenge, called“ASCII Art Client”. Challenge Description For this challenge, participants were given two files: a binary Continue Reading

An Inside Look at CVE-2017-0199 – HTA and Scriptlet File Handler Vulnerability

FortiGuard Labs recently came across a new strain of samples exploiting the CVE-2017-0199 vulnerability. This vulnerability was fixed by Microsoft and the patch was released in April 2017. Due to its simplicity, it can be easily exploited by attackers. It has also been found in-the-wild by other vendors. We have Continue Reading

>