Intrusion PreventionPhorpiex.Botnet
Description
This indicates that a system might be infected by Phorpiex Botnet.
Phorpiex is a Windows malware that has abilities to spread ransomware, run cryptocurrency miners, and replace a victim's cryptocurrency wallet address in clipboard with one controlled by the attacker.
All botnet signatures from FortiOS 5.6 onwards are under IPS, and have their default action set to "Block".
Affected Products
Any unprotected Windows system is vulnerable.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
If required, the signature's action can be set to "Block".
Please use Anti-Virus software to scan and clean the infected devices.
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2025-03-24 | 31.975 |
Modified
|
Sig Added |
| ID | 56653 |
| Created | Oct 02, 2024 |
| Updated | Mar 24, 2025 |
| Risk |
|
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |
| Profile Type | Malware |