Dissecting a Malicious Havoc Sample www.fortinet.com/blog/thre…

This analysis is a follow-up to the investigation titled ‘Intrusion into Middle East Critical National Infrastructure’ (full report here), led by the FortiGuard Incident Response Team (FGIR), which investigated a long-term cyber intrusion targeting critical national infrastructure (CNI) in the Middle East.

That report revealed that the attacker added several pieces of malware to the system’s Task Scheduler to maintain persistence. In this report, we conduct a detailed analysis of one of the malicious Havoc variant samples.