JS/Phish.64F6!tr
Analysis
JS/Phish.64F6!tr is a detection for a phishing trojan.
Below are some of its observed characteristics/behaviours:
- This malware will attempt to gain access to the victim's credentials by utilizing social engineering tactics.
- The malware will direct the user to http://bafybei[removed]enuupl.js.
- Masquerading as an Office 365 login page, it will prompt the user to enter their credentials in order to view the document.
- After the login information is entered into the phishing form, it is sent to the attacker, thereby compromising the user's credentials.
- https://bafybei[removed]enuupl.js
- MD5: 322bd28d549b8534939e8581f7a464f6
- SHA256: a1e4c92fa47944d98fda45779e1b805d674223e740d9092c0c7f4aca70ea7a15
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
Product | Availability
---|---
FortiClient | Extreme
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR |