W32/Womble.A@mm
Analysis
registry information: added the value ms_net_update = "c:\windows\system32]winlogin.exe" to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run email propagation: subject:Kiss body: There is some info in the attached file!!! attachment: net_update.pif
Telemetry
Detection Availability
FortiGate | |
---|---|
Extreme | |
FortiClient | |
Extended | |
FortiMail | |
Extended | |
FortiSandbox | |
Extended | |
FortiWeb | |
Extended | |
Web Application Firewall | |
Extended | |
FortiIsolator | |
Extended | |
FortiDeceptor | |
Extended | |
FortiEDR |