FortiGate
akileshc
Staff
Description
This article describes how to check whether a file hash is included in the AV/IPS signatures by using the online scanner on the FortiGuard web portal, and how to learn more about the signature details and the database version.
Scope  
Solution

See the link below for the File Hash Search option. Once the hash is entered there, information such as the AV/IPS Signature, IOC Tags, and Risk Confidence Rating is returned:

https://www.fortiguard.com/faq/onlinescanner

 

For example:

 

1) Find the details for the following hash:

"FFB6D57D789D418FF1BEB56111CC167276402A0059872236FA4D46BDFE1C0A13"

using the link below:


https://www.fortiguard.com/faq/onlinescanner

 

Result:


File Hash has been found.

AV Signature: W32/NDAoF <-----
IOC Tags: Malware, Gamaredon
Risk Confidence Rating: High

 


 

Then, by searching for these signatures on 'fortiguard.com', learn more about the signature details and the database version in which these signatures are included (which explains that the hash is included).
https://www.fortiguard.com 

 

2) Search for the AV signature 'W32/NDAoF' on FortiGuard using the link below (screenshot included):
https://www.fortiguard.com

https://www.fortiguard.com/encyclopedia/virus/10068102 (For AV Signature 'W32/NDAoF').


This page shows details about the Detection Availability, Threat Profile, and Update History (which includes the database version).

 
