VirusMSOffice/Agent.A!tr
Analysis
MSOffice/Agent.A!tr is a generic detection for a type of trojan that uses Microsoft Office to drop other malware onto the compromised computer. Since this is a generic detection, files that are detected as MSOffice/Agent.A!tr may have varying behavior.
Below are examples of some of these behavior:
- Contains two malicious OLE objects labeled "Details Package" with thumbnails of Excel and Word Documents to entice victims to double-click and execute the malware.
- The OLE objects contain malicious Javascript to download and execute the Cerber ransomware.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
| FortiGate | |
|---|---|
| FortiClient | |
| FortiAPS | |
| FortiAPU | |
| FortiMail | |
| FortiSandbox | |
| FortiWeb | |
| Web Application Firewall | |
| FortiIsolator | |
| FortiDeceptor | |
| FortiEDR |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2022-08-09 | 90.04916 | |
| 2021-03-23 | 84.00920 | |
| 2020-12-29 | 82.90700 | Sig Updated |
| 2020-12-22 | 82.74100 | Sig Updated |
| 2020-12-09 | 82.43000 | Sig Updated |
| 2020-12-08 | 82.40700 | Sig Updated |
| 2020-11-10 | 81.73400 | Sig Updated |
| 2020-10-07 | 80.92700 | Sig Updated |
| 2020-10-02 | 80.80300 | Sig Updated |
| 2020-09-08 | 80.22400 | Sig Updated |