JS/Wonka.A!tr
Analysis
JS/Wonka.A!tr is a generic detection for a type of obfuscated JavaScript trojan that uses a certain function to decode itself.
Because this is a generic detection, malware detected as JS/Wonka.A!tr may vary in behavior. Examples of observed behaviors:
- Execute a file named open.exe in the current folder.
- Execute another script on a remote server.
- Download a file from the URL http://www.myownpa{removed}/load.jpg, rename it to ~tmp0374.exe, then execute it.
Recommended Action
FortiGate Systems
- Check the main screen of your FortiGate unit's web interface to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR |
Version Updates
Date | Version | Detail |
---|---|---|
2023-12-01 | 91.09340 | |
2020-05-12 | 77.37200 | Sig Updated |
2019-09-11 | 71.53500 | Sig Updated |
2019-09-10 | 71.52000 | Sig Updated |
2019-08-29 | 71.22800 | Sig Updated |
2019-08-29 | 71.22300 | Sig Updated |
2019-08-22 | 71.04900 | Sig Updated |
2019-08-17 | 70.79500 | Sig Added |
2019-08-17 | 70.77600 | Sig Updated |
2019-06-28 | 69.59400 | Sig Added |