W32/Dorkbot.BAA!tr

Analysis


W32/Dorkbot.BAA!tr is a generic detection for a type of trojan that drops other malware onto the compromised computer. Since this is a generic detection, files that are detected as W32/Dorkbot.BAA!tr may have varying behavior.
Below are examples of some of these behaviors:

  • It drops a copy of itself into the user's Application Data folder with a randomized file name.

  • It has been observed connecting to the following sites via TCP port 1866:
    • IP: 69.43{Removed}
    • IP: 112.125{Removed}
    • IP: 95.142{Removed}

  • Deletes its original copy after execution.

Recommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date        Version   Detail
2024-03-08  92.02250
2022-08-25  90.05404
2022-06-13  90.03224
2022-06-09  90.03097
2020-01-28  74.86100  Sig Added
2020-01-23  74.74500  Sig Updated
2019-05-07  68.34700  Sig Added
2019-05-03  68.25000  Sig Updated
2019-04-05  67.58100  Sig Added
2019-04-03  67.52800  Sig Updated