VirusW32/Brontok.D@mm
Analysis
W32/Brontok.D@mm - 06-10-06
More Info:
- c:\C:\Documents and Settings\[user]\Local Settings\Application Data\csrss.exe
- c:\C:\Documents and Settings\[user]\Local Settings\Application Data\inetinfo.exe
- c:\C:\Documents and Settings\[user]\Local Settings\Application Data\lsass.exe
- c:\C:\Documents and Settings\[user]\Local Settings\Application Data\services.exe
- c:\C:\Documents and Settings\[user]\Local Settings\Application Data\smss.exe
- c:\C:\Documents and Settings\[user]\Local Settings\Application Data\svchost.exe
- c:\windows\system32\cmd-bro-mmx.exe
- key: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
- value: NoFolderOptions
- data: 1
- key: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
- value: DisableCMD
- data: 0
- key: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
- value: Hidden
- data: 0
- key: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
- value: HideFileExt
- data: 1
- key: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
- value: ShowSuperHidden
- data: 0
Telemetry
Detection Availability
| FortiGate | |
|---|---|
| FortiClient | |
| FortiAPS | |
| FortiAPU | |
| FortiMail | |
| FortiSandbox | |
| FortiWeb | |
| Web Application Firewall | |
| FortiIsolator | |
| FortiDeceptor | |
| FortiEDR |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-09-25 | 91.07290 | |
| 2020-05-05 | 77.20300 | Sig Updated |
| 2020-04-28 | 77.03500 | Sig Updated |
| 2020-02-26 | 75.54000 | Sig Updated |
| 2020-02-24 | 75.51500 | Sig Updated |
| 2019-11-25 | 73.33700 | Sig Updated |
| 2019-10-23 | 72.53400 | Sig Updated |
| 2019-10-23 | 72.53300 | Sig Updated |
| 2019-10-23 | 72.53200 | Sig Updated |
| 2019-08-06 | 70.52600 | Sig Updated |