JS/Redir.XM!tr
Analysis
JS/Redir.XM!tr is a generic detection for a Redirect trojan written in JavaScript.
Since this is a generic detection, malware detected as JS/Redir.XM!tr may have varying behaviour.
Below are some of its observed characteristics/behaviours:
- The malware may initiate connections to suspicious URLs without the user's permission. When the user clicks an advertisement on the website, the browser is redirected to another suspicious URL.
- The malware may attempt to connect to any of the following sites (domain names partially redacted):
- hxxp://up.iranblo{Removed}.com/images/fsm11g34ik4ftbq0gdg.jpg
- dpfilm{Removed}.net
- hxxp://dpfilm{Removed}.net/wp-content/cache/minify/6a06a.js
- www.picha{Removed}.net
- The malware has been observed executing on the following types of operating systems:
- Windows 10 (64-bit)
- Windows 10 (32-bit)
- Windows 8 (64-bit)
- Windows 8 (32-bit)
- Windows 7 (64-bit)
- Windows 7 (32-bit)
- Windows XP
- Mobile platforms (iOS and Android)
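The click-hijack behaviour described above (an ad click that sends the browser to an off-site URL) can be triaged with a small heuristic scan of a script before it is allowed to run or when a page is being investigated. The following JavaScript is an added example written for this page; it is not Fortinet's detection logic and not code taken from any of the sites listed. The two sample scripts, the `.invalid` host names and the 600-character handler window are constructed assumptions.

```javascript
// Added example for this page: heuristic scan of JavaScript source for the
// redirect-trojan pattern (a click handler that navigates the browser off-site).
// Not Fortinet's signature logic. Sample scripts, .invalid hosts and the
// HANDLER_WINDOW value are constructed assumptions.
'use strict';

// Fold "htt" + "p://" + ... style split string literals back into one literal so
// the URL extractor below sees the assembled URL. Repeats until nothing changes.
function foldConcatenatedStrings(src) {
  const re = /(["'])((?:(?!\1)[^\\\n])*)\1\s*\+\s*(["'])((?:(?!\3)[^\\\n])*)\3/;
  let out = src;
  let prev;
  do {
    prev = out;
    out = out.replace(re, (_, q, a, _q2, b) => `${q}${a}${b}${q}`);
  } while (out !== prev);
  return out;
}

// Sinks that change the navigation target, tagged with the kind of sink.
function findRedirectSinks(src) {
  const patterns = {
    'location-assign': /(?:\b(?:window|document|top|self|parent)\.)?location(?:\.href)?\s*=[^=]/g,
    'location-method': /\blocation\.(?:assign|replace)\s*\(/g,
    'window-open': /\bwindow\.open\s*\(/g,
    'meta-refresh': /http-equiv\s*=\s*["']refresh["']/gi,
  };
  const sinks = [];
  for (const [kind, re] of Object.entries(patterns)) {
    for (const m of src.matchAll(re)) sinks.push({ kind, offset: m.index });
  }
  return sinks.sort((a, b) => a.offset - b.offset);
}

// Places where a click/touch handler is attached: DOM API, inline property, jQuery.
function findClickHooks(src) {
  const re = /addEventListener\s*\(\s*["'](?:click|mousedown|mouseup|touchend)["']|\.onclick\s*=|\.click\s*\(|\.on\s*\(\s*["']click["']/g;
  return [...src.matchAll(re)].map((m) => ({ text: m[0], offset: m.index }));
}

// Absolute or protocol-relative URL literals; returns hosts that are not the page's own.
const URL_LITERAL = /["'`](?:https?:)?\/\/([a-z0-9.-]+\.[a-z]{2,})(\/[^"'`\s]*)?["'`]/gi;

function externalHosts(src, pageHost) {
  const own = pageHost.toLowerCase();
  const hosts = [...src.matchAll(URL_LITERAL)].map((m) => m[1].toLowerCase());
  return [...new Set(hosts.filter((h) => h !== own && !h.endsWith('.' + own)))];
}

// Assumed: a sink this many characters after a click hook is treated as inside its handler.
const HANDLER_WINDOW = 600;

function scanScript(src, pageHost) {
  const folded = foldConcatenatedStrings(src);
  const sinks = findRedirectSinks(folded);
  const hooks = findClickHooks(folded);
  const hosts = externalHosts(folded, pageHost);
  const hijackingClicks = hooks.some((h) =>
    sinks.some((s) => s.offset > h.offset && s.offset - h.offset <= HANDLER_WINDOW));
  return {
    sinks, hooks, externalHosts: hosts, hijackingClicks,
    // The behaviour this page describes: a click on the site sends the browser off-site.
    suspicious: hijackingClicks && hosts.length > 0,
  };
}

// Constructed sample resembling the described behaviour: an ad click is intercepted
// and the browser sent to an off-site URL assembled from string fragments.
const SAMPLE_INJECTED = `(function(){var d=document;
d.addEventListener("click",function(e){
  if(e.target.closest(".ad")){e.preventDefault();
    window.location.href="htt"+"p://"+"redirect-target.invalid"+"/go?x=1";}
},true);
var i=new Image();i.src="https://beacon.invalid/track.jpg";})();`;

// Constructed benign sample: a click handler that navigates within the same site.
const SAMPLE_BENIGN = `document.getElementById("login").addEventListener("click", function () {
  window.location.href = "/account/login";
});`;

if (typeof require !== 'undefined' && require.main === module) {
  for (const [name, src] of [['injected', SAMPLE_INJECTED], ['benign', SAMPLE_BENIGN]]) {
    const r = scanScript(src, 'example.com');
    console.log(name, { suspicious: r.suspicious, hosts: r.externalHosts, sinks: r.sinks.map((s) => s.kind) });
  }
}

if (typeof module !== 'undefined') {
  module.exports = { foldConcatenatedStrings, findRedirectSinks, findClickHooks, externalHosts, scanScript, SAMPLE_INJECTED, SAMPLE_BENIGN };
}
```

Run it with `node scan.js` against a script pulled from a suspect page (the sample inputs are only placeholders). The scan is a triage aid, not a verdict: a same-site login redirect is correctly left unflagged, while a legitimate third-party ad network that navigates on click will be flagged and needs manual review. Proximity between hook and sink is a crude stand-in for real scope analysis, so heavily obfuscated loaders (string decoding beyond simple concatenation, `eval`, dynamically created `script` elements) will escape it and should be handled in a sandbox such as the one listed under Detection Availability.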
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability

Product | Database |
---|---|
FortiClient | Extreme |
FortiMail | Extreme |
FortiSandbox | Extreme |
FortiWeb | Extreme |
Web Application Firewall | Extreme |
FortiIsolator | Extreme |
FortiDeceptor | Extreme |
FortiEDR | |
Version Updates
Date | Version | Detail |
---|---|---|
2021-06-29 | 87.00261 | |
2019-07-22 | 70.17700 | Sig Added |
2019-07-22 | 70.15700 | Sig Updated |
2019-05-03 | 68.25200 | Sig Added |
2019-05-03 | 68.24700 | Sig Updated |
2019-04-29 | 68.15900 | Sig Added |
2019-04-28 | 68.12900 | Sig Updated |
2019-04-03 | 67.53400 | Sig Added |
2019-04-03 | 67.52800 | Sig Updated |
2019-02-28 | 66.72400 | Sig Added |