virus logo Virus

HTML/PhisingRedir.1BF4!tr

description-logoAnalysis

HTML/PhisingRedir.1BF4!tr is a generic detection for a trojan. Since this is a generic detection, malware that are detected as HTML/PhisingRedir.1BF4!tr may have varying behaviour.
Below are some of its observed characteristics/behaviours:

  • It looks like a normal html file, but when users open it, it will automatically redirect to http://{Removed}.azurewebsites.net/?email={Removed}.
  • It redirects to a phishing Microsoft website which will try to steal user's Microsoft account and password

recommended-action-logoRecommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiClient
Extreme
FortiMail
Extreme
FortiSandbox
Extreme
FortiWeb
Extreme
Web Application Firewall
Extreme
FortiIsolator
Extreme
FortiDeceptor
Extreme
FortiEDR

Version Updates

Date Version Detail
2022-08-23 90.05336
2020-01-10 74.43400 Sig Added
2020-01-09 74.42100 Sig Updated
2020-01-09 74.41100 Sig Added
2020-01-09 74.40300 Sig Updated
2020-01-08 74.39400 Sig Updated
ID 8167943
Released Feb 28, 2020
Description
Updated		 Jan 08, 2020
Platform Profile HTML