MSOffice/Follina.536C!exploit
Analysis
MSOffice/Follina.536C!exploit is a generic detection for an exploit.
An exploit is a malicious program that takes advantage of a software vulnerability that may enable a remote attacker to gain access to the targeted system. Since this is a generic detection, malware that are detected as MSOffice/Follina.536C!exploit may have varying behaviour.
Below are some of its observed characteristics/behaviours:
- This malware is related to the Follina vulnerability outbreak. It has the identifier CVE-2022-30190. The exploit involves a compromised MSOffice file that contains a malicious URL which leads to a download. The compromised file may be sent as a suspicious email.
- The exploit allows attackers to execute arbitrary code with the privileges of the calling application by exploiting the vulnerability affecting the Microsoft Support Diagnostic Tool (MSDT).
- This malware has been associated with the following third party article/advisory.
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/31/microsoft-releases-workaround-guidance-msdt-follina-vulnerability
|
- https://xmlform[removed]rawing/RDF8421.html!
- Md5: 52945af1def85b171870b31fa4782e52
Sha256: 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR |