WM/Agent!tr
Analysis
This detection is for a collection of Microsoft Office files (mostly Word documents) that contain macros that are capable of downloading possibly malicious samples. A few examples of the URLs that it downloads from are the following:
- HTTP://WWW.HUIS{Removed}.BE/FOTOS/ROLLOVER5.JPG
- HTTP://DIREC{Removed}.COM/UPLOADS/1553948075.MAC.EXE
- HTTP://CARHI{Removed}.COM/IMG/CALC.PNG
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR |