JS/Nemucod.CXD!tr
Analysis
JS/Nemucod.CXD!tr is a generic detection for a type of JavaScript downloader trojan that downloads and runs the Kovter malware on the compromised computer. Since this is a generic detection, files that are detected as JS/Nemucod.CXD!tr may have varying behavior.
Below are examples of some of these behaviors:
- It attempts to connect to and download a file from the following URL:
  - hxxp://blo{Removed}.com/wp-content/uploads/2017/03/counter/exe1.exe
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
Product | Availability |
---|---|
FortiGate | |
Extended | |
FortiClient | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR | |