W32/Turkojan.Backdoor
Analysis
- The Trojan is remote-access capable and is fully configurable using a related Trojan editor.
- The Trojan is authored by a hacker or group of hackers from Turkey.
- The complete Trojan package includes a Trojan editor and a client component, plus several icons that can be associated with the Trojan server to give the appearance that it is not malicious.
- The client component communicates with the server component and can control the host system on which the server component is installed.
- If the server component is run, either intentionally or through malicious methods, it installs itself by copying itself to a configured location and filename, and modifies the system registry so that it loads from a configured registry key.
Detection Availability
Product | Availability
---|---
FortiGate | Extreme
FortiClient | Extended
FortiMail | Extended
FortiSandbox | Extended
FortiWeb | Extended
Web Application Firewall | Extended
FortiIsolator | Extended
FortiDeceptor | Extended
FortiEDR |