Technical Tip: How to identify the list of Hash included in AV/IPS using online scanner via FortiGuard Web Portal

akileshc · ‎03-22-2022

Description

This article describes how to identify Hash included in AV/IPS using the online scanner via FortiGuard web portal and learn more about the signatures details or the database version.

Scope

Solution

See the link below for the File Hash Search option; once the hash is included in the link, information will be receivedsuch as AV/IPS Signature, IOC Tags, and Risk Confidence Rating:

https://www.fortiguard.com/faq/onlinescanner

For Example:

1) Find the details for the Hash:

"FFB6D57D789D418FF1BEB56111CC167276402A0059872236FA4D46BDFE1C0A13"

In the below link.

https://www.fortiguard.com/faq/onlinescanner

Result:

File Hash has been found.

AV Signature: W32/NDAoF <-----
IOC Tags: Malware, Gamaredon
Risk Confidence Rating: High

Then, by searching these signatures on 'fortiguard.com', learn more about the signatures details and the database version in which these signatures are included(which explains the Hash is included).
https://www.fortiguard.com

2) Search the AV Signature 'W32/NDAoF' on FortiGuard using the below link:(Screen Shot Included).
https://www.fortiguard.com

https://www.fortiguard.com/encyclopedia/virus/10068102 (For AV Signature 'W32/NDAoF').

Here, the details about the Detection Availability, Threat Profile and Update History(includes a version of database).