XML/DogWalk.A!tr
Analysis
XML/DogWalk.A!tr is a generic detection for an XML trojan.
This malware has been associated with the following third-party articles/advisories:
- https://nvd.nist.gov/vuln/detail/CVE-2022-34713
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713

The correlation has been established due to a database near/exact match on one of the samples/IOCs/files that were found during investigation.
- Md5: 98c157f6a9cbb53f4441d3c193778150
Sha256: 9acdb73a2d999922bdf8d00e7ad7b830c8ee86f21024b8c76a14168454821761
- Md5: 556f6cba29823e7617e4299e7f694092
Sha256: 6cdb1fffb8942b6648363737ee0a13c22046d0e1b061ad7e3f81abf0023a4a28
Outbreak Alert
The August Patch Tuesday release from Microsoft introduced fixes for 121 vulnerabilities. Of these, two are zero-day fixes, and one, CVE-2022-34713 a.k.a. 'DogWalk', is being actively exploited in the wild.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR | |