rtf


In part 1 of FortiGuard Labs’ analysis of a new variant of the BADNEWS backdoor, which is actively being used in the MONSOON APT campaign, we did a deep technical analysis of what this backdoor is capable of and how the bad guys control it using the command and control server. In this part of the analysis, we will try to discover who might be behind the distribution of these files. [Read More]
by Jasper Manuel and Artem Semenchenko  |  Apr 05, 2017  |  Filed in: Security Research
Three weeks ago, FortiGuard Labs, along with @_ddoxer (Roland de la Paz), using VirusTotal Intelligence queries, spotted a document with a politically themed file name (Senate_panel.doc). This malicious RTF file takes advantage of the vulnerability CVE-2015-1641. [Read More]
by Jasper Manuel and Artem Semenchenko  |  Apr 05, 2017  |  Filed in: Security Research
Recently, we have been receiving samples that use “decoys” to imitate what is to be expected from running a normal file. In this blog post, we will analyze one such sample that Fortinet detects as W32/Kryptik.CWXI!tr. Execution: The sample uses an icon similar to Microsoft Word documents (Figure 1. File icon used by the malware). If our Windows Folder Options are set to “Hide extensions for known file types”, then we might not notice that the extension of this file is “scr”, which is associated with... [Read More]
by Nathan Cheung  |  Feb 16, 2015  |  Filed in: Security Research