ASP/WebShell.CL!tr
Analysis
ASP/WebShell.CL!tr is a generic detection for a trojan.
This malware has been associated with the following Hafnium article/advisory:
- https://fndn.fortinet.net/FortiGuard-Alert-Outbreaks/Hafnium-Fabric-View/
- md5: 1a7a85b0390b308b1801679e11567eac
sha256: 406b680edc9a1bb0e2c7c451c56904857848b5f15570401450b73b232ff38928
- a set of server commands: "CONNECT", "DISCONNECT", "FORWARD", "READ"
- a server default response of "Georg says, 'All seems fine'"
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR | |
Version Updates
Date | Version | Detail |
---|---|---|
2021-03-08 | 84.00568 |