VirusW32/Turkojan.Backdoor
Analysis
- Trojan is remote access capable and is fully configurable
using a related Trojan editor
- Trojan is authored by a hacker or group of hackers
from Turkey
- The complete Trojan package includes a Trojan editor
and a client component, and several icons from which
to associate the Trojan as a means to give the appearance
that the Trojan server is not malicious
- The client component communicates with the server
with the ability to control the host system which
has the server component installed
- If the server component is run either intentionally
or through malicious methods, it will install itself
by copying itself to a configured location and filename,
and also modify the system registry to load from a
configured registry key
Telemetry
Detection Availability
| FortiGate | |
|---|---|
| Extreme | |
| FortiClient | |
| Extended | |
| FortiMail | |
| Extended | |
| FortiSandbox | |
| Extended | |
| FortiWeb | |
| Extended | |
| Web Application Firewall | |
| Extended | |
| FortiIsolator | |
| Extended | |
| FortiDeceptor | |
| Extended | |
| FortiEDR |