VirusJS/Phish.FKH!tr
Analysis
JS/Phish.FKH!tr is a detection for an Redirect trojan.
- Following are some of the near/exact IOCs/file hash associated with this detection:
- 27FA5A92598CA4DB56AD24C9961EDB32
- 81AADAD36F31250A76C0C51DD5F8BAA4
- The following are some illustrations related to the malware during our quick analysis:
- Figure 1: malware Distributed as email.
- Figure 2: Landing Page but has since been blocked by domain admin.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
| FortiGate | |
|---|---|
| Extended | |
| FortiClient | |
| FortiMail | |
| FortiSandbox | |
| FortiWeb | |
| Web Application Firewall | |
| FortiIsolator | |
| FortiDeceptor | |
| FortiEDR |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2022-03-15 | 90.00492 | |
| 2021-08-10 | 88.00269 | |
| 2021-05-11 | 86.00097 | |
| 2021-01-22 | 83.48400 | Sig Updated |
| 2020-11-08 | 81.69300 | Sig Updated |
| 2020-11-06 | 81.64800 | Sig Updated |
| 2020-11-03 | 81.57300 | Sig Updated |
| 2020-11-03 | 81.56700 | Sig Updated |
| 2020-11-01 | 81.52500 | Sig Updated |
| 2020-10-30 | 81.46700 | Sig Updated |