W32/Brontok.N@mm
Analysis
W32/Brontok.N@mm - 06-10-06
More Info:
- Baca Bro !!!.txt
- c.bron.tok.txt
- csrss.exe
- lsass.exe
- services.exe
- smss.exe
- winlogon.exe
- yesbron.com
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  - value: [dropped file]
  - data: [location/path of dropped file]
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  - value: [dropped file]
  - data: [location/path of dropped file]
- key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
  - value: AlternateShell
  - data: [name of the dropped .com file]
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR | |
Version Updates
Date | Version | Detail |
---|---|---|
2021-11-09 | 89.06714 | |
2021-08-24 | 88.00613 | |
2021-05-25 | 86.00433 | |
2021-03-12 | 84.00661 | |
2020-05-12 | 77.37200 | Sig Updated |
2020-03-01 | 75.63800 | Sig Updated |
2020-03-01 | 75.63600 | Sig Updated |
2019-10-15 | 72.34800 | Sig Updated |
2019-09-04 | 71.36500 | Sig Updated |
2019-05-03 | 68.25100 | Sig Updated |