| ID | 7380314 |
| Released | May 01, 2018 |
| Description Updated | May 05, 2017 |
Detection Availability
| FortiGate | |
|---|---|
| Extended |
|
| FortiClient |
|
| FortiMail |
|
| FortiSandbox |
|
| FortiWeb |
|
| Web Application Firewall |
|
| FortiIsolator |
|
| FortiDeceptor |
|
| FortiEDR |
|
Threat Profile
Aliases:- Win32/Elemental.C potentially unwanted application
Riskware is a term for potentially unwanted or dangerous software programs that do not fall under Adware. They could be legitimate software applications that may be misused and pose possible security risks to users.
Update History
| Date | Version | Detail |
|---|---|---|
| 2023-09-19 | 91.07104 | |
| 2023-06-27 | 91.04592 | |
| 2023-06-27 | 91.04590 | |
| 2023-06-27 | 91.04583 | |
| 2023-05-09 | 91.03106 | |
| 2023-05-04 | 91.02966 | |
| 2023-04-11 | 91.02260 | |
| 2023-03-28 | 91.01840 | |
| 2023-03-14 | 91.01420 | |
| 2023-02-28 | 91.01002 |
Refine Search
Threat Encyclopedia
Riskware/Elemental
Analysis
Riskware/Elemental is a generic detection for a Riskware Browser.
Since this is a generic detection, malware that are detected as Riskware/Elemental may have varying behaviour.
Below are examples of its behaviours:
- The browser was based on open source Chromium according to its Help Page. The distribution appears to be only in Russian language.
- The application on its default installation has been observed to connect to the following:
- hxxps://8{Removed}.208.7.90
- hxxps://sovetni{Removed}.market.http.yandex.ru
- hxxps://stati{Removed}.yandex.net:https
- hxxps://fron{Removed}.portal.rambler.ru
- Below are some its illustration:
- Figure 1: Installation.
- Figure 2: Browser.
- Figure 3: Bundles.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
