W32/Tibs.KD!tr
Analysis
- alsys.exe
- SERVICES.EXE
- key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- value:
- data: undefinedSystemundefined\alsys.exe
- key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
- value:
- data: undefinedSystemundefined\alsys.exe
- key: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
- value: Start
- data: 4
- Email format:
- Subject:
- Attachments: one of the following:
- flash postcard.exe
- greeting card.exe
- greeting postcard.exe
- postcard.exe
I Think of You
Recommended Action
-
FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
Telemetry
Detection Availability
FortiClient | |
---|---|
Extreme | |
FortiMail | |
Extreme | |
FortiSandbox | |
Extreme | |
FortiWeb | |
Extreme | |
Web Application Firewall | |
Extreme | |
FortiIsolator | |
Extreme | |
FortiDeceptor | |
Extreme | |
FortiEDR |