JS/Nemucod.DOH!tr
Analysis
JS/Nemucod.DOH!tr is a generic detection for a type of JavaScript trojan that downloads and runs the Gryphon ransomware on the compromised computer. Since this is a generic detection, files that are detected as JS/Nemucod.DOH!tr may have varying behavior.
Below are examples of some of these behaviors:
- It adds the ".crypton" extension to encrypted files.
- It attempts to connect to the following URL:
  - hxxp://soun{Removed}.info/admin.php?f=1.dat
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
Product | Availability |
---|---|
FortiGate | Extreme |
FortiClient | Extended |
FortiMail | Extended |
FortiSandbox | Extended |
FortiWeb | Extended |
Web Application Firewall | Extended |
FortiIsolator | Extended |
FortiDeceptor | Extended |
FortiEDR | |
Version Updates
Date | Version | Detail |
---|---|---|
2022-02-08 | 89.09443 | |