Malware detected but the threat id is just some numbers and letters

GLOBAL · ‎09-02-2024

Hello all, i need help making sense of a malware log in FortiAnalyzer.

The log only show the Threat as a bunch of numbers and letters and i am having a hard time deciphering its meaning. Can some one help. It seams a "generic" threat ID but i really don't know for sure since the source is a blog in wordpress and it has already been the target of defacing and redirect before. I would appreciate any help.

nathan_h · ‎09-02-2024

Hi GLOBAL,

What type of log that you are viewing? Can you download it and paste the text here? You can obfuscate the IP address if you want to hide it. We may need to check another logs to correlate it.

Nathan
FCP-NS, FCP-PCS, FCP-SO, FCSS-NS, FCSS-PCS, FCSS-SASE

GLOBAL · ‎09-02-2024

Hello Nathan, thanks for the reply, after some searching i found that the "number and lettrers" were the hash for the.js file that was being caught in the anti-virus. It relates to this "generic trojan" :https://www.virustotal.com/gui/file/82576c0a6f20df06487c7bae8355c4676ef713af111437bce7af77b7b225a496.... The SHA-1 hash is the same. I have since asked for my security analyst take a look at the site structure to try to find this .js file and scan it. Thanks for the help.

Malware detected but the threat id is just some numbers and letters

Nominate a Forum Post for Knowledge Article Creation