JS/Phishing.DE!tr

Analysis

JS/Phishing.DE!tr is a generic detection for a trojan.
Because this is a generic detection, malware detected as JS/Phishing.DE!tr may vary in behaviour.
Below are some of its observed characteristics/behaviours:

  • This malware will attempt to gain access to the victim's credentials by utilizing social engineering tactics.

  • Masquerading as a login page for legitimate companies, including DHL, OneDrive and Adobe, it will prompt the user to enter their login information in order to view sensitive documents.

  • After the login information is entered into the phishing form, the form data is sent to the attacker, thereby compromising the user's credentials.


  • Below are images of the malware:

    • Figure 1: Fake OneDrive login page.


    • Figure 2: Fake Adobe login page.


    • Figure 3: Fake DHL login page.


  • Following are some of the exact IOCs/file hashes associated with this detection:
    • MD5: 7e81f51bc3f389006a1272f17dc7a453
      SHA256: c9cdfcd256861b88bf1569bc401315b64d8c5e0869d450c22648b02f7d71ed66
    • MD5: 901a5bac43755ff5844bf20858b9803d
      SHA256: 1aa244fe688cb8f0b4cdbac2c9dc5098fae5ee77904a65434d2441027b73cf2d

Recommended Action

    • Make sure that your FortiGate/FortiClient system is using the latest AV database.
    • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

    Detection Availability

    FortiGate
    FortiClient
    FortiAPS
    FortiAPU
    FortiMail
    FortiSandbox
    FortiWeb
    Web Application Firewall
    FortiIsolator
    FortiDeceptor
    FortiEDR

    Version Updates

    Date Version Detail
    2023-02-21 91.00794
    2022-07-28 90.04556
    2022-02-01 89.09233
    2021-09-06 88.00920
    2021-09-04 88.00868
    2021-08-31 88.00773
    2021-08-31 88.00768
    2021-08-30 88.00750
    2021-04-14 85.00448
    2021-04-14 85.00444