W32/Tibs.KB!tr
Analysis
Registry entries (persistence and firewall service):
- key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  - value: Agent
  - data: "%SYSTEM%\alsys.exe"
- key: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  - value: Agent
  - data: "%SYSTEM%\alsys.exe"
- key: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
  - value: Start
  - data: dword:4 (Start = 4 sets the Windows Firewall/Internet Connection Sharing service to Disabled)
Security-product and system-tool name fragments found in the sample:
- anti
- avg
- avp
- blackice
- firewall
- f-pro
- hijack
- lockdown
- mcafee
- msconfig
- nav
- nod32
- rav
- reged
- spybot
- taskmgr
- troja
- viru
- vsmon
- zonea
Email Propagation
Address strings:
- .mil
- .gov
- microsoft
From: one of the following
- Aldora
- Alysia
- Amorita
- Anita
- April
- Ara
- Aretina
- Barbra
- Becky
- Bella
- Bettina
- Blenda
- Briana
- Bridget
- Caitlin
- Camille
- Cara
- Carla
- Carmen
- Chelsea
- Clarissa
- Damita
...
Subject: one of the following
- I Love You with All I Am
- I Still Love You
- I Think of You
- I Win with You
- I wish
- I Woof You
- I Would Do Anything
- I Would Give you Anything
- If I Could
- If I Knew
- I'll Be Your Man
- In Love
- In My Heart
- Inside My Heart
- Internet Love
- It's Your Move
- Just You
- Just You & Me
- Kiss Coupon
...
Attachment: one of the following
- Flash Postcard.exe
- flash postcard.exe
- greeting card.exe
- Greeting Card.exe
- greeting postcard.exe
- Greeting Postcard.exe
- postcard.exe
- Postcard.exe
Recommended Action
FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
Detection Availability
Product | Signature database
---|---
FortiClient | Extreme
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR |