MSOffice/Agent.A!tr
Analysis
MSOffice/Agent.A!tr is a generic detection for a type of trojan that uses Microsoft Office to drop other malware onto the compromised computer. Since this is a generic detection, files that are detected as MSOffice/Agent.A!tr may have varying behavior.
Below are examples of some of these behavior:
- Contains two malicious OLE objects labeled "Details Package" with thumbnails of Excel and Word Documents to entice victims to double-click and execute the malware.
- The OLE objects contain malicious Javascript to download and execute the Cerber ransomware.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR |
Version Updates
Date | Version | Detail |
---|---|---|
2022-08-09 | 90.04916 | |
2021-03-23 | 84.00920 | |
2020-12-29 | 82.90700 | Sig Updated |
2020-12-22 | 82.74100 | Sig Updated |
2020-12-09 | 82.43000 | Sig Updated |
2020-12-08 | 82.40700 | Sig Updated |
2020-11-10 | 81.73400 | Sig Updated |
2020-10-07 | 80.92700 | Sig Updated |
2020-10-02 | 80.80300 | Sig Updated |
2020-09-08 | 80.22400 | Sig Updated |