W64/HackTool.WOARK!tr
Analysis
W64/HackTool.WOARK!tr is classified as a trojan.
A trojan is a type of malware that performs activities without the user’s knowledge.
Below are some of its observed characteristics/behaviours:
- This malware is used to spread the GuardMiner trojan by identifying and exploiting vulnerable servers.
- It is related to the CVE-2022-22954 vulnerability, affecting VMware Workspace ONE Access and Identity Manager.
- The malware has been associated with the following third-party article/advisory:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22954
- MD5: 650053589fbc567aed1bf24f2429d6a3
- SHA256: 4b3578ee9e81f356a89ff2e1aff6bbee8441472869b0c6c4792fc9fd486a0df5
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
Product | Detection availability |
---|---|
FortiGate | Extreme |
FortiClient | Extended |
FortiMail | Extended |
FortiSandbox | Extended |
FortiWeb | Extended |
Web Application Firewall | Extended |
FortiIsolator | Extended |
FortiDeceptor | Extended |
FortiEDR | |