HTML/Phish!tr
Analysis
HTML/Phish!tr is a detection for HTML codes that redirect the web browser to a phishing web site.
This detection is not limited to in wild spear/attack/spam phishing campaign some samples may include as part of third party pen testers using spam campaign as one of their internal tools.
- Below are some of the sample illustration on how these Phishing scheme may look like:
- Figure 1: Scam Phishing hosted over google docs.
- Figure 2: WhatsApp phishing embedded on some Phishing Mails.
- Figure 3: Sample Phishing.
- Figure 4: Sample Phishing.
- Figure 5: Phishing.
- Figure 6: American Express Phishing.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR |
Version Updates
Date | Version | Detail |
---|---|---|
2023-12-08 | 91.09541 | |
2023-11-06 | 91.08574 | |
2020-04-14 | 76.70200 | Sig Updated |
2019-10-17 | 72.40100 | Sig Updated |
2019-10-15 | 72.34800 | Sig Updated |
2019-08-26 | 71.15400 | Sig Updated |
2019-08-24 | 71.08900 | Sig Updated |
2019-08-23 | 71.08300 | Sig Updated |
2019-08-20 | 71.02600 | Sig Updated |
2019-08-19 | 70.83200 | Sig Updated |