JS/Phishing.DE!tr
Analysis
JS/Phishing.DE!tr is a generic detection for a trojan.
Since this is a generic detection, malware detected as JS/Phishing.DE!tr may vary in behaviour.
Below are some of its observed characteristics/behaviours:
- This malware will attempt to gain access to the victim's credentials by utilizing social engineering tactics.
- Masquerading as a login page for legitimate companies, including DHL, OneDrive and Adobe, it will prompt the user to enter their login information in order to view sensitive documents.
- After the login information is entered into the phishing form, the form data will be sent to the attacker, thereby compromising the user's credentials.
- Md5: 7e81f51bc3f389006a1272f17dc7a453
  Sha256: c9cdfcd256861b88bf1569bc401315b64d8c5e0869d450c22648b02f7d71ed66
- Md5: 901a5bac43755ff5844bf20858b9803d
  Sha256: 1aa244fe688cb8f0b4cdbac2c9dc5098fae5ee77904a65434d2441027b73cf2d
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
Product | |
---|---|
FortiGate | |
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR | |