FortiGuard
Fortinet’s Global Threat Intelligence and Research
mrobson
Staff
Article Id 249374
Description

 

The FortiGuard Incident Response team is ready to assist with the discovery, containment and remediation of incidents related to exploitation of Telerik UI vulnerabilities. Vulnerabilities in the Telerik UI that were initially disclosed and patched in 2017 and 2019 (CVE-2017-11317, CVE-2017-11357, CVE-2019-18935) continue to be exploited by threat actors.

These old vulnerabilities have garnered additional attention recently as CISA released an advisory on their use as part of the recent exploitation of US government networks[1].

Analysis of the associated artifacts indicates that exploitation of these vulnerabilities results in the deployment of reverse shell executables and then web shells, an intrusion chain similar to that seen with most recent web service vulnerabilities.

The FortiGuard team has extensive experience in responding to intrusions of this nature.

When dealing with such intrusions, a quick response that effectively contains an intrusion before it can spread and before the adversary can establish a further foothold is key to minimizing business impact and reducing the complexity of remediation efforts.

 

Scope

 

FortiGuard.

 

Solution

 

Engaging Response Services:

 

To engage the IR team directly, use the ‘Experienced a breach?’ link available here:

https://www.fortinet.com/solutions/enterprise-midsize-business/security-as-a-service/fortiguard-inci...

This webpage also has additional information on IR services and on preparing for cyber incidents.

 

Engaging Proactive Services:

 

If there are questions about this type of threat, or to proactively prepare security teams to better handle threats associated with the exploitation of Telerik UI vulnerabilities, engage the Incident Response Readiness service.

The FortiGuard IR Readiness service can assess the security posture, provide support to patch holes in the defenses, build playbooks to combat emerging threats, and war game the existing processes as part of tabletop activities.

 

Related document:

https://www.fortinet.com/content/dam/fortinet/assets/solution-guides/sb-fortiguard-incident-readines...

 

[1] https://www.cisa.gov/news-events/analysis-reports/ar23-074a
