Riskware/UtilityPLink75
Analysis
Riskware/UtilityPLink75 is a detection for an attack utility.
Below are some of its observed characteristics/behaviours:
- This detection has been associated with the following third party article/advisory.
https://us-cert.cisa.gov/ncas/alerts/aa21-321a
The correlation has been established due to a database near/exact match on one of the sample/IOC/file hash indicated in the mentioned resource. - This command line application may and can be used to establish remote connect and control of victim host.
- The utility displays the following user interface:
- Figure 1: Command Line interface.
- Following are some of the near/exact IOCs/file hash associated with this detection:
- Md5: 1444884FAED804667D8C2BFA0D63AB13
Sha256: c51fe5073bd493c7e8d83365aace3f9911437a0f2ae80042ba01ea46b55d2624
- Md5: 1444884FAED804667D8C2BFA0D63AB13
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR |