JS/Agent.DVU!tr

Analysis



JS/Agent.DVU!tr is a generic detection for a type of JavaScript downloader trojan. Because this is a generic detection, the behaviour of detected samples may vary.
Below are some of its observed characteristics and behaviours:

  • The JavaScript file contains a malicious section, most likely injected at the end of the file. It connects to the following malicious URL, which contains another JavaScript file:
    • hxxp://13{Removed}.249.116.78/jquery.js

  • The JavaScript at that URL attempts to connect to the following URL, which is rated as malicious:
    • hxxps://www.cpm2{Removed}.com/watch?key=789a4129e78c00008a47b36e23d65ea7



Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

  • FortiClient: Extreme
  • FortiMail: Extreme
  • FortiSandbox: Extreme
  • FortiWeb: Extreme
  • Web Application Firewall: Extreme
  • FortiIsolator: Extreme
  • FortiDeceptor: Extreme
  • FortiEDR

Version Updates

Date Version Detail
2021-05-04 85.00929
2019-11-20 73.21300 Sig Updated
2019-06-27 69.56700 Sig Updated
2019-06-26 69.54300 Sig Updated