Riskware/UtilityPLink75

Analysis

Riskware/UtilityPLink75 is a detection for Plink (PuTTY Link, the command-line SSH client distributed with PuTTY). Plink is legitimate administration software, which is why it is classified as riskware rather than malware, but it is also used by attackers as a remote-access utility.
Below are some of its observed characteristics/behaviours:

  • This detection has been associated with the following third-party article/advisory:
    https://us-cert.cisa.gov/ncas/alerts/aa21-321a
    
    The correlation was established by a near/exact database match on one of the samples, IOCs or file hashes listed in that resource.

  • This command-line application can be used to establish a remote connection to, and control of, a victim host.

  • The utility has a command-line interface rather than a graphical one:

    • Figure 1: Command-line interface.


  • The following IOCs (file hashes, near/exact matches) are associated with this detection:
    • MD5: 1444884FAED804667D8C2BFA0D63AB13
      SHA256: c51fe5073bd493c7e8d83365aace3f9911437a0f2ae80042ba01ea46b55d2624
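
As an added example (not part of this FortiGuard page and not Fortinet's own tooling), the following Python script hashes every file under a directory with both MD5 and SHA256 and reports any file whose digest matches the indicators listed above. Case is normalised before comparison, since the page lists the MD5 in uppercase and the SHA256 in lowercase. The files created by the demo function are constructed for illustration; because the real Plink build is not available offline, the demo adds the digests of an empty file to a copy of the IOC set so that one hit is produced.

```python
"""Hash-based IOC check for the Riskware/UtilityPLink75 indicators (added example)."""
import hashlib
import os
import tempfile
from pathlib import Path

# Indicators copied from the detection page above; normalised to lowercase so the
# mixed case in the source never causes a missed match.
PLINK_IOCS = {
    "md5": {"1444884faed804667d8c2bfa0d63ab13"},
    "sha256": {"c51fe5073bd493c7e8d83365aace3f9911437a0f2ae80042ba01ea46b55d2624"},
}


def hash_bytes(data: bytes) -> dict:
    """Return lowercase MD5 and SHA256 hex digests of in-memory content."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in chunks so large binaries are never read into memory at once."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def match_iocs(digests: dict, iocs: dict = PLINK_IOCS) -> list:
    """Return the names of the algorithms whose digest matches an indicator."""
    return [alg for alg, value in digests.items() if value.lower() in iocs.get(alg, set())]


def scan_tree(root, iocs: dict = PLINK_IOCS) -> list:
    """Walk a directory tree; return (path, matched_algorithms) for every IOC hit."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            matched = match_iocs(hash_file(path), iocs)
        except OSError:
            # Unreadable file (permissions, locked by a process): skip it rather
            # than abort the whole scan, which is what a sweep across hosts needs.
            continue
        if matched:
            hits.append((str(path), matched))
    return hits


def demo_scan() -> list:
    """Constructed demo: a benign text file and an empty file in a temp directory.

    The empty file's digests are added to a copy of the IOC set so the scan
    produces one hit; the real Plink indicators stay in the set unchanged.
    """
    iocs = {alg: set(values) for alg, values in PLINK_IOCS.items()}
    empty = hash_bytes(b"")
    iocs["md5"].add(empty["md5"])
    iocs["sha256"].add(empty["sha256"])
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "notes.txt").write_text("benign content, constructed for the demo")
        Path(tmp, "tools").mkdir()
        Path(tmp, "tools", "suspect.exe").write_bytes(b"")
        return [(os.path.basename(p), algs) for p, algs in scan_tree(tmp, iocs)]


if __name__ == "__main__":
    for name, algs in demo_scan():
        print(f"IOC hit: {name} matched on {', '.join(algs)}")
```

A hash match identifies only this exact build of Plink; a different version, or a copy with a single byte changed, produces no hit, so a hash sweep is a confirmation step, not a substitute for behavioural detection. Because Plink is legitimate software, a hit on an administrator's workstation should be checked against expected tooling before the file is quarantined.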


Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2021-11-18 89.06990
2021-11-17 89.06966