W32/Stration.H@mm
Analysis
Registry Information

Creates the entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
rsmb = "%Windows%\rsmb.exe s"

Email Propagation

Subject: hello
Body: The message contains Unicode characters and has been sent as a binary attachment.
Attachment: body.zip
Detection Availability
| Product | Availability |
|---|---|
| FortiGate | Extreme |
| FortiClient | Extended |
| FortiMail | Extended |
| FortiSandbox | Extended |
| FortiWeb | Extended |
| Web Application Firewall | Extended |
| FortiIsolator | Extended |
| FortiDeceptor | Extended |
| FortiEDR | |