virus logo Virus

XML/DogWalk.A!tr

description-logoAnalysis

XML/DogWalk.A!tr is a generic detection for an XML trojan.
This malware has been associated with the following third party article/advisory. 

https://nvd.nist.gov/vuln/detail/CVE-2022-34713
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713
The correlation has been established due to a database near/exact match on one of the sample/IOC/file that were found during investigation.
  • Following are some of the near/exact IOCs/file hash associated with this detection:
    • Md5: 98c157f6a9cbb53f4441d3c193778150
      Sha256: 9acdb73a2d999922bdf8d00e7ad7b830c8ee86f21024b8c76a14168454821761
    • Md5: 556f6cba29823e7617e4299e7f694092
      Sha256: 6cdb1fffb8942b6648363737ee0a13c22046d0e1b061ad7e3f81abf0023a4a28

    • description-logoOutbreak Alert

    August patch Tuesday from Microsoft introduced fixes for 121 vulnerabilities. Of these, two are zero-day fixes, and one -- CVE-34713 a.k.a. 'DogWalk' -- is being actively exploited in the wild.

    View the full Outbreak Alert Report

    recommended-action-logoRecommended Action

    • Make sure that your FortiGate/FortiClient system is using the latest AV database.
    • Quarantine/delete files that are detected and replace infected files with clean backup copies.

    Telemetry logoTelemetry

    Detection Availability

    FortiGate
    FortiClient
    FortiAPS
    FortiAPU
    FortiMail
    FortiSandbox
    FortiWeb
    Web Application Firewall
    FortiIsolator
    FortiDeceptor
    FortiEDR

    Version Updates

    Date Version Detail
    2023-12-06 91.09473
    2022-11-08 90.07650
    2022-08-11 90.04984
    2022-08-11 90.04983
    2022-08-11 90.04982
    2022-08-11 90.04981
    2022-08-10 90.04955
    ID 10101326
    Released Aug 11, 2022
    Description
    Updated    		 Aug 11, 2022
    Outbreak Alert MSDT DogWalk
    Aliases Generic.Dogwalk.A.16B7E624,Generic.Dogwalk.A.1C1D219A
    Platform Profile Microsoft Excel macro