Analysis of the New Modules that Emotet Spreads

Threat Analysis Report from FortiGuard Labs Just a few days ago, FortiGuard Labs published a research blog about a fresh variant of Emotet. When I wrote that blog, I had not yet detected any further malicious actions from its C&C server. However, I have continued to monitor its connections, and Continue Reading

New Stealth Worker Campaign Creates a Multi-platform Army of Brute Forcers

A Threat Analysis Report from FortiGuard Labs FortiGuard Labs recently discovered a new campaign of StealthWorker malware, also called GoBrut, that was first reported by Malwarebytes just a few days ago. This malware is written in Golang. Although uncommonly seen being used by malware, it is the same programming language Continue Reading

WordPress WooCommerce XSS Vulnerability – Hijacking a Customer Account with a Crafted Image

Overview The FortiGuard Labs team recently discovered a Cross-Site Scripting (XSS) vulnerability in WooCommerce. WooCommerce is an open-source eCommerce platform built on WordPress. According to BuiltWith statistics, WooCommerce is the No. 1 eCommerce platform, owning 22% of global market share in 2018. This XSS vulnerability (CVE-2019-9168) exists in the zoom Continue Reading

Breakdown of a Targeted DanaBot Attack

A FortiGuard SE Team Threat Analysis Report On Feb 5th, 2019, the FortiGuard SE team discovered a targeted attack aimed at an unknown individual working for a governmental organization located in the city of Gold Coast, Australia. Within a span of a few days, we had observed additional activity targeting Continue Reading

Analysis of a Fresh Variant of the Emotet Malware

Breaking Threat Analysis research paper by FortiGuard Labs     Emotet is not a new malware family. In fact, it’s been around for several years. We captured a JS file spreading Emotet in 2017, which I then analyzed it and published two research papers on it, Part I and Part II. Continue Reading

Oracle VirtualBox NAT Network DoS Vulnerability

Zero-Day Threat Analysis by FortiGuard Labs Oracle VirtualBox is the world’s most popular cross-platform virtualization product. The FortiGuard Labs team recently discovered on (December 6, 2018) a network Denial of Service (DoS) vulnerability in Oracle VirtualBox (CVE-2019-2527). This DoS vulnerability is caused by a crafted TCP session sent from a Continue Reading

.Net RAT Malware Being Spread by MS Word Documents

Breaking Threat Research from FortiGuard Labs Just days ago, Fortinet’s FortiGuard Labs captured a malicious MS Word document from the wild that contains auto-executable malicious VBA code that can spread and install NanoCore RAT software on a victim’s Windows system. NanoCore RAT was developed in the .Net framework, and the latest Continue Reading

Microsoft Windows JET Engine Msrd3x Code Execution Vulnerability

Threat Analysis from FortiGuard Labs In September 2018, Fortinet’s FortiGuard Labs researcher Honggang Ren discovered a code execution vulnerability in Windows JET Engine Msrd3x40 and reported it to Microsoft by following Fortinet’s responsible disclosure process. On patch Tuesday of January 2019, Microsoft released a Security Bulletin that contains the fix Continue Reading

A Deep Analysis of the Microsoft Outlook Vulnerability CVE-2018-8587

FortiGuard Labs Threat Analysis Report Earlier this year, Fortinet’s FortiGuard Labs researcher Yonghui Han reported a Heap Corruption vulnerability in Office Outlook to Microsoft by following Fortinet’s responsible disclosure process. On Patch Tuesday of December 2018, Microsoft announced that they had fixed this vulnerability, released a corresponding advisory, and assigned Continue Reading

Potential Ichitaro Phishing Vulnerability

The FortiGuard Labs team continually tracks phishing and spam campaigns around the world. Sending users macro-enabled documents with a malicious payload is one of the most commonly used malware attack vectors for phishing campaigns. This attack vector has been used by used by such prevalent malware families as Dridex, Fareit, Continue Reading

>