GLOBAL
New Contributor II

Malware detected but the threat id is just some numbers and letters

Hello all, I need help making sense of a malware log in FortiAnalyzer.

logmalware.PNG

The log only shows the Threat as a bunch of numbers and letters and I am having a hard time deciphering its meaning. Can someone help? It seems a "generic" threat ID but I really don't know for sure since the source is a blog in WordPress and it has already been the target of defacing and redirect before. I would appreciate any help.

nathan_h
Staff

Hi GLOBAL,

What type of log are you viewing? Can you download it and paste the text here? You can obfuscate the IP address if you want to hide it. We may need to check other logs to correlate it.

Nathan
FCP-NS, FCP-PCS, FCP-SO, FCSS-NS, FCSS-PCS, FCSS-SASE
GLOBAL
New Contributor II

Hello Nathan, thanks for the reply. After some searching I found that the "numbers and letters" were the hash for the .js file that was being caught in the anti-virus. It relates to this "generic trojan": https://www.virustotal.com/gui/file/82576c0a6f20df06487c7bae8355c4676ef713af111437bce7af77b7b225a496.... The SHA-1 hash is the same. I have since asked my security analyst to take a look at the site structure to try to find this .js file and scan it. Thanks for the help.
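The follow-up step described above, locating the flagged .js file in the site structure from the hash shown in the log, can be scripted. This is an added example, not part of the original posts and not Fortinet tooling; it assumes a local copy of the site's files, and the function names and the constructed site tree in `demo()` are hypothetical.

```python
import hashlib
import os
import tempfile

# Hex digest length -> hashlib algorithm name.
ALGO_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}

def file_digest(path, algo, chunk_size=1 << 16):
    """Hash a file in chunks so large files do not load into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def find_by_hash(root, threat_id, suffixes=(".js",)):
    """Return paths under root whose digest equals threat_id (hex string)."""
    wanted = threat_id.strip().lower()
    algo = ALGO_BY_LENGTH.get(len(wanted))
    if algo is None or any(c not in "0123456789abcdef" for c in wanted):
        raise ValueError("threat ID is not an MD5, SHA-1 or SHA-256 hex digest")
    matches = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(suffixes):
                continue
            path = os.path.join(dirpath, name)
            try:
                if file_digest(path, algo) == wanted:
                    matches.append(path)
            except OSError:
                continue  # unreadable file: skip it and keep scanning
    return sorted(matches)

def demo():
    """Build a constructed site tree and look up one file by its SHA-256."""
    with tempfile.TemporaryDirectory() as root:
        theme = os.path.join(root, "wp-content", "themes", "example")
        os.makedirs(theme)
        payload = b"/* constructed sample, not real malware */\n"
        for name, data in (("app.js", b"console.log(1);\n"), ("x.min.js", payload)):
            with open(os.path.join(theme, name), "wb") as fh:
                fh.write(data)
        threat_id = hashlib.sha256(payload).hexdigest().upper()  # logs may use upper case
        return [os.path.relpath(p, root) for p in find_by_hash(root, threat_id)]

if __name__ == "__main__":
    print(demo())
```

An empty result only means no file on disk matches byte for byte; a script that is generated dynamically or injected from a database will not be found this way.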
