Hello all, i need help making sense of a malware log in FortiAnalyzer.
The log only show the Threat as a bunch of numbers and letters and i am having a hard time deciphering its meaning. Can some one help. It seams a "generic" threat ID but i really don't know for sure since the source is a blog in wordpress and it has already been the target of defacing and redirect before. I would appreciate any help.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi GLOBAL,
What type of log that you are viewing? Can you download it and paste the text here? You can obfuscate the IP address if you want to hide it. We may need to check another logs to correlate it.
Hello Nathan, thanks for the reply, after some searching i found that the "number and lettrers" were the hash for the.js file that was being caught in the anti-virus. It relates to this "generic trojan" :https://www.virustotal.com/gui/file/82576c0a6f20df06487c7bae8355c4676ef713af111437bce7af77b7b225a496.... The SHA-1 hash is the same. I have since asked for my security analyst take a look at the site structure to try to find this .js file and scan it. Thanks for the help.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1633 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.