W64/HackTool.WOARK!tr

description-logoAnalysis

W64/HackTool.WOARK!tr is classified as a trojan.
A trojan is a type of malware that performs activites without the user’s knowledge.
Below are some of its observed characteristics/behaviours:

  • This malware is used to spread the GuardMiner trojan by identifying and exploiting vulnerable servers.

  • It is related to the CVE-2022-22954 vulnerability, affecting VMware Workspace ONE Access and Identity Manager.

  • The malware has been associated with the following third party article/advisory.
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22954
    

  • Following are some of the exact file hashes associated with this detection:
    • Md5: 650053589fbc567aed1bf24f2429d6a3
      Sha256: 4b3578ee9e81f356a89ff2e1aff6bbee8441472869b0c6c4792fc9fd486a0df5

recommended-action-logoRecommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiGate
Extreme
FortiClient
Extended
FortiMail
Extended
FortiSandbox
Extended
FortiWeb
Extended
Web Application Firewall
Extended
FortiIsolator
Extended
FortiDeceptor
Extended
FortiEDR

Version Updates

Date Version Detail
2022-12-20 90.08897
2022-11-10 90.07716