W32/CS_AA21_201A!tr
Analysis
W32/CS_AA21_201A!tr is a detection for a trojan.
Below are some of its observed characteristics/behaviours:
- This malware has been associated with the following third-party article/advisory:
https://us-cert.cisa.gov/ncas/alerts/aa21-201a
The correlation was established through a near/exact database match on one of the samples, IOCs, or file hashes listed in that resource.
- The following are some of the near/exact IOCs/file hashes associated with this detection:
- Md5: 05476307F4BEB3C0D9099270C504F055
Sha256: 4061d512d2b12c883d5ec03aa968af031daba7ad93d01840bc342738a3e28130
- Md5: 17199DDAC616938F383A0339F416C890
Sha256: 40d45fb455cf2db58dda6a57d437e626d5d7d86d4598d4afccab0ac7ff6d6b3e
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR |