PowerShell/NetWalk.B!tr
Analysis
PowerShell/NetWalk.B!tr is classified as a trojan.
A trojan is a type of malware that performs activities without the user’s knowledge. These activities commonly include establishing remote access connections, capturing keyboard input, collecting system information, downloading/uploading files, dropping other malware into the infected system, performing denial-of-service (DoS) attacks, and running/terminating processes.
The Fortinet Antivirus Analyst Team is constantly updating our descriptions. Please check the FortiGuard Encyclopedia regularly for updates.
Outbreak Alert
Versions of Telerik User Interface (UI) for ASP.NET prior to R1 2020 (2020.1.114) are susceptible to remote code execution attacks on affected web servers due to a deserialization vulnerability in the RadAsyncUpload function. FortiGuard Labs continues to see high exploitation activity of these old vulnerabilities.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
FortiGate | |
---|---|
Extended | |
FortiClient | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR | |
Version Updates
Date | Version | Detail |
---|---|---|
2022-08-03 | 90.04740 | |
2022-07-19 | 90.04286 | |
2022-07-18 | 90.04265 | |
2021-10-29 | 89.06392 | |
2020-10-27 | 81.39700 | Sig Updated |
2020-09-22 | 80.56100 | Sig Updated |
2020-07-29 | 79.23600 | Sig Updated |
2020-07-29 | 79.23500 | Sig Updated |
2020-07-28 | 79.20800 | Sig Updated |
2020-07-27 | 79.18400 | Sig Updated |