VirusW97M/Nottice.AU
Analysis
- Virus consists of two macro modules, one named
"WININIT", and the other is named "AutoClose"
or "AutoOpen" depending on if the host file
is a document or the global template
- Virus hooks Word event handlers which prevents
the opening or closing of infected documents
- The "WININIT" macro is empty
Telemetry
Detection Availability
| FortiClient | |
|---|---|
| Extreme | |
| FortiMail | |
| Extreme | |
| FortiSandbox | |
| Extreme | |
| FortiWeb | |
| Extreme | |
| Web Application Firewall | |
| Extreme | |
| FortiIsolator | |
| Extreme | |
| FortiDeceptor | |
| Extreme | |
| FortiEDR |