
Analysis of FG-IR-22-398 – FortiOS - heap-based buffer overflow in SSLVPNd

High
Published: Fri Jan 13 2023 (01/13/2023, 00:00:00 UTC)
Source: CIRCL
Vendor/Project: misp-galaxy
Product: sector

Description

Analysis of FG-IR-22-398 – FortiOS - heap-based buffer overflow in SSLVPNd

AI-Powered Analysis

Last updated: 06/18/2025, 19:02:34 UTC

Technical Analysis

FG-IR-22-398 is Fortinet's advisory identifier for CVE-2022-42475, a heap-based buffer overflow (CWE-122; this event records the weakness as its parent class CWE-787, out-of-bounds write) in sslvpnd, the SSL-VPN daemon of FortiOS and FortiProxy. sslvpnd terminates SSL VPN sessions on FortiGate firewalls, so it is exposed to the Internet by design and processes attacker-supplied requests before any authentication has taken place. A heap-based buffer overflow occurs when a program writes more data into a heap-allocated buffer than the allocation holds, corrupting adjacent heap memory; in a network daemon that turns a crafted request into a path to arbitrary code execution, or at minimum into a crash of the service.

Fortinet's advisory, published on 12 December 2022, states that a remote unauthenticated attacker may execute arbitrary code or commands via specifically crafted requests. That is reflected in the CVSS 3.1 vector recorded in this event, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, and its base score of 9.8 (Critical); the "High" shown at the top of this page is the MISP threat level of the event, not the CVSS severity. Affected versions as listed by Fortinet: FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11 and 6.0.15 and earlier, and FortiProxy SSL-VPN 7.2.0 through 7.2.1 and 7.0.7 and earlier; the fixed releases are the versions immediately after each range, and the Fortinet PSIRT advisory and blog analysis are linked under Links below. The advisory was issued because Fortinet was aware of the vulnerability being exploited in the wild, and the indicators attached to this event (hashes described as post-exploitation implants, actor IP addresses and ports, files dropped under /data/lib, /data/etc and /var, a JA3 fingerprint and a TLS ClientHello byte pattern) come from Fortinet's analysis of that intrusion.

The event was published by CIRCL on 13 January 2023. It carries a government and administrative sector tag (at 50% certainty) and a Russia country tag, which may reflect targeting or origin context; the event itself makes no attribution claim. Neither the advisory nor the blog post describes the vulnerable parsing routine, so the root cause is not reproduced here. What is established is the effect: an unauthenticated attacker who sends crafted requests to the SSL-VPN listener can corrupt the sslvpnd heap and run code on the firewall itself, from where VPN session traffic, credentials and device configuration are all reachable, while a failed attempt crashes the daemon and interrupts VPN service.

Potential Impact

For European organizations, especially those in government and administrative sectors, this vulnerability poses a significant risk. FortiGate devices are commonly used across Europe for secure remote access and perimeter defense, and the SSL-VPN listener is by design reachable from the Internet. Because exploitation requires no credentials and yields code execution on the firewall itself, a successful attack does not merely cross the perimeter but takes control of it. Confidentiality is compromised because an attacker controlling sslvpnd can read or manipulate VPN traffic; integrity is undermined through code execution, configuration changes and the persistent implants seen in this intrusion (the event lists the files dropped under /data/lib, /data/etc and /var); availability suffers when memory corruption crashes the daemon, which also happens when an exploitation attempt fails. Given the strategic importance of government networks in Europe and the widespread deployment of FortiOS devices, successful exploitation could have national security implications, disrupt public administration and erode trust in digital infrastructure. Exploitation in the wild is confirmed by Fortinet, and the indicators in this event are post-exploitation artifacts from a real intrusion, so the Critical rating should be treated as an active threat rather than a theoretical one.

Mitigation Recommendations

1. Immediate Inventory and Assessment: Identify every FortiGate and FortiProxy that has SSL-VPN enabled and compare its firmware (shown by "get system status" on the CLI) against the affected ranges in the advisory: FortiOS 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier; FortiProxy 7.2.0 through 7.2.1, 7.0.7 and earlier.
2. Patch Management: Upgrade to a fixed release, which is the version immediately after each affected range (FortiOS 7.2.3, 7.0.9, 6.4.11 or 6.2.12; FortiProxy 7.2.2 or 7.0.8), following the Fortinet PSIRT advisory linked below. Where an upgrade cannot be scheduled at once, disable SSL-VPN; it is the only component exposed by this bug.
3. Compromise Assessment: Patching does not remove an implant, so hunt for the indicators in this event on every device that was exposed while vulnerable: sslvpnd entries in the application crash log ("diagnose debug crashlog read"), the file-system artifacts listed under Text below (/data/lib/libips.bak, /data/lib/libgif.so, /data/lib/libiptcp.so, /data/lib/libipudp.so, /data/lib/libjepg.so, /var/.sslvpnconfigbk, /data/etc/wxd.conf), and outbound connections from the firewall itself to the IP addresses and ports listed below. Treat any hit as a compromised device: rebuild it from a known-good image, rotate every credential and certificate it held, and review the VPN and administrator accounts it served.
4. Network Segmentation and Access Controls: Limit the SSL-VPN listener to trusted source ranges with local-in policies and geo-restrictions where practical, and keep administrative interfaces off the Internet entirely. The bug is pre-authentication (PR:N), so these measures reduce exposure but do not substitute for the patch.
5. Enhanced Monitoring and Logging: Deploy an IPS signature for the ClientHello byte pattern listed below, match the JA3 fingerprint where TLS fingerprinting is available, and alert on any sslvpnd crash, which is also the footprint of a failed exploitation attempt.
6. Incident Response Preparedness: Develop and rehearse an incident response plan for a compromised VPN gateway, covering isolation of the device, preservation of its logs and configuration for forensics, and rapid re-issue of remote access for essential staff.
7. User Awareness and Credential Hygiene: Enforce multi-factor authentication (MFA) on VPN accounts and educate users on phishing. MFA does not block this exploit, but it limits what an attacker can do with credentials harvested from a compromised gateway.
8. Regular Vulnerability Scanning: Add a version-based check for CVE-2022-42475 to routine assessments, and keep the SSL-VPN listener in scope for external scans so that re-exposure is noticed.
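Steps 1 and 3 above, as an added Python example (not Fortinet's, CIRCL's or this page's own code): a version check against the affected ranges quoted from the advisory, plus a hunt for the file-system artifacts, actor IPs and ports, and the sslvpnd crash-log indicator. The status line, file listing, connection list and log lines are constructed inputs; the crash-log regular expression follows the indicator quoted in Fortinet's advisory (Logdesc "Application crashed", application sslvpnd, "Signal 11 received"), which is not reproduced among this event's attributes, and the exact log field layout is an assumption.

```python
"""Added example for this page (not Fortinet's, CIRCL's or the event's own code):
check a FortiOS/FortiProxy version against the affected ranges published in
FG-IR-22-398 and hunt for the artifacts listed in this event.  Every input
below (status line, file listing, connection list, log lines) is constructed."""
import re

# Affected ranges from the advisory text in this event, inclusive at both ends;
# "x and earlier" is written with a 0.0.0 lower bound.
AFFECTED = {
    "fortios": [((7, 2, 0), (7, 2, 2)), ((7, 0, 0), (7, 0, 8)), ((6, 4, 0), (6, 4, 10)),
                ((6, 2, 0), (6, 2, 11)), ((0, 0, 0), (6, 0, 15))],
    "fortiproxy": [((7, 2, 0), (7, 2, 1)), ((0, 0, 0), (7, 0, 7))],
}

# File-system artifacts listed under Text in this event.
ARTIFACT_PATHS = {
    "/data/lib/libips.bak", "/data/lib/libgif.so", "/data/lib/libiptcp.so",
    "/data/lib/libipudp.so", "/data/lib/libjepg.so", "/var/.sslvpnconfigbk",
    "/data/etc/wxd.conf",
}

# Actor IPs and ports from this event.  The page lists them as two separate
# attribute sets, so they are matched independently here.
ACTOR_IPS = {
    "156.251.162.76", "156.251.163.19", "156.251.163.122", "156.251.162.111",
    "139.180.184.197", "66.42.91.32", "158.247.221.101", "107.148.27.117",
    "139.180.128.142", "155.138.224.122", "185.174.136.20", "45.86.229.220",
    "45.86.231.71", "139.99.35.116", "139.99.37.119", "194.62.42.105",
    "185.250.149.32", "137.175.30.138", "146.70.157.133", "172.247.168.153",
    "192.36.119.61", "103.131.189.143", "188.34.130.40",
}
ACTOR_PORTS = {8033, 8443, 444, 30080, 30081, 30443, 20443}

# sslvpnd crash indicator as quoted in Fortinet's advisory FG-IR-22-398
# (Logdesc="Application crashed", application:sslvpnd, Signal 11 received).
CRASH_RE = re.compile(
    r'logdesc="Application crashed".*application:\s*sslvpnd.*Signal 11 received', re.I)


def parse_version(text):
    """Extract (major, minor, patch) from a version string such as the
    'v7.0.8,build0418' fragment printed by 'get system status'."""
    m = re.search(r"\bv?(\d+)\.(\d+)\.(\d+)\b", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(product, version):
    """True when the version falls inside one of the published affected ranges."""
    v = parse_version(version) if isinstance(version, str) else tuple(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED[product.lower()])


def find_artifacts(listing):
    """Paths in a one-per-line file listing that match the event's artifacts."""
    return sorted(ARTIFACT_PATHS & {line.strip() for line in listing.splitlines()})


def find_actor_connections(connections):
    """connections: iterable of (remote_ip, remote_port) made by the FortiGate itself.
    Returns (ip, port, 'ip+port' | 'ip') hits; 'ip+port' is the stronger match."""
    return [(ip, port, "ip+port" if port in ACTOR_PORTS else "ip")
            for ip, port in connections if ip in ACTOR_IPS]


def find_sslvpnd_crashes(log_lines):
    """Event-log lines matching the advisory's sslvpnd crash indicator."""
    return [line for line in log_lines if CRASH_RE.search(line)]


# Constructed sample inputs (not real device output).
SAMPLE_STATUS = "Version: FortiGate-100F v7.0.8,build0418,221212 (GA.F)"
SAMPLE_LISTING = "/data/lib/libips.so\n/data/lib/libips.bak\n/data/etc/wxd.conf\n/var/.sslvpnconfigbk\n"
SAMPLE_CONNS = [("8.8.8.8", 53), ("188.34.130.40", 444), ("139.99.35.116", 22)]
SAMPLE_LOGS = [
    'date=2022-12-10 time=03:12:44 type="event" subtype="system" level="critical" '
    'logdesc="Application crashed" msg="Pid: 1234, application: sslvpnd, '
    'Firmware: FortiGate-100F v7.0.8,build0418,221212 (GA.F), Signal 11 received, '
    'Backtrace: [0x000000000041f2a0]"',
    'date=2022-12-10 time=03:13:01 type="event" subtype="system" level="information" '
    'logdesc="Admin login successful" msg="Administrator admin logged in successfully"',
]

if __name__ == "__main__":
    print("affected:", is_affected("fortios", SAMPLE_STATUS))
    print("artifacts:", find_artifacts(SAMPLE_LISTING))
    print("actor connections:", find_actor_connections(SAMPLE_CONNS))
    print("sslvpnd crashes:", len(find_sslvpnd_crashes(SAMPLE_LOGS)))
```

The version check is deliberately a closed-range comparison rather than "less than fixed version" because the advisory lists separate branches: 6.4.11 is fixed while 6.2.11 is vulnerable, so a single threshold would misclassify one of them. Feed the functions the real "get system status" output, a file listing obtained the way Fortinet support directs, and NetFlow or firewall egress logs filtered to the gateway's own address.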


Technical Details

Threat Level: 1 (High)
Analysis: 1 (Ongoing)
UUID: 042a4478-fe19-4ed0-a309-b96da3542a95
Original Timestamp: 1673616092 (2023-01-13T13:21:32Z)

Indicators of Compromise

Hash

Value  Description
md5 f68c3f72270800ea675889e82bb02fb8  Hashes of post-exploitation implants
md5 e3f640d8785c0c864739529889b1863a  Hashes of post-exploitation implants
md5 08cbaafb176ce6118f7e4e0b2d2d77cf  Hashes of post-exploitation implants
md5 bdc2d2f5d5246f8956711bcce9f456b6  Hashes of post-exploitation implants
md5 4548fa6625cb154ab320833186117393  Hashes of post-exploitation implants
md5 e5d989b651b3eb351e10e408d5a062b3  Hashes of post-exploitation implants
md5 3191cb2e06e9a30792309813793f78b6  Hashes of post-exploitation implants
md5 12e28c14bb7f7b9513a02e5857592ad7  Hashes of post-exploitation implants
md5 ae0839351721db5a9c269fd75dcb57ce  Hashes of post-exploitation implants
md5 856341349dd954d82b112ba9165c4563  Hashes of post-exploitation implants

The entries below carry no description and come in groups of four per sample (MD5, SHA-1, SHA-256, SHA-512, identified by digest length):

md5 4b5de9374a615b76e607c1dc4d17ac72
sha1 92a4ea254751b960250b21d8f8e947eb769ef01a
sha256 5f826a78d3d88061f3f7e3281ffc41b37a8071a217cd15b584e4f6edd909b23c
sha512 b208b7a03e8036c27f09f43fc1f46fa7343c3a62efe0aa554908ac6426df1783d694638e135ef71b85cb8544e4da37d6a03cb6e923848a492016d688f1ddf5a2

md5 7ea63e83e1c0f8b6dc4ef536699484dd
sha1 3326c3c5793f7f3510ef415f14b3db4b62e27bd2
sha256 89ec50c88cda5557005116ac06d514df68f12d2c0bf29773b20589814ab9723f
sha512 09403f1bf4e83bb72db252de42b2c8bddd29ba99557115466f02ac668b6d6074a0883f597f6c0e7613bf00900af6163a1ee0a204a09bcb1e497c2a8eb29664d5

md5 e4c9d495339c4a934cc1b935660e0e38
sha1 037f98546890d032d441763d9e3bc1de54ffbbc0
sha256 336ea8b9b38f4d53ad336eec0b0e1e03b59955194a5f37a15b0ae1fc80b4f061
sha512 3bf3cac0891b015a26d18090219d445c48bbdc89eeac878cfcffb393b8b33296317aa7bc5f12d6f1498429807424f8c3e3ab249b273b270607bbffe83b5f9a75

md5 4f2bf103dfcc95692a488edab688bbc7
sha1 b2d25fd8efd7b824c2912a9f80c918fe1f11952d
sha256 f60d590bc286bc3357f693500e25f8d13699f93402c384ea3354ee694ad6abb2
sha512 b9a44e91d89c9586694f575a54eb41db7e2dc7f1097a1470470e6df077747c024dae28ae828b572e400d35e0b0957b31f3e54fd8f2a9f5fc64e6f1729fbe423d

md5 3312975753899c136a2cba9b13c60ad0
sha1 6bb845d70432ae6f16002393f1ed36d3f5ff826e
sha256 fc607709d7ac5011094efd7565647ad4dfd793c9f57a0e949f25bf2d241fcbad
sha512 16ce5aeea206f79e4b26341705b451df52c492bbd7ca0d7bab47e9d3230f881a36d5ab27311f56d4dc4f580951eda3759e978b1db2240283762e44f13509da7c

md5 7dea362b3fac8e00956a4952a3d4f474
sha1 05fe405753166f125559e7c9ac558654f107c7e9
sha256 af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc
sha512 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

md5 e3e643d996d7a5984b5ac6bea5f8ad4b
sha1 d6d79694a79924624fcc1f89853e45cc0024d1e4
sha256 10fa569b3cf75ff21ea3b433416d16d9ff53bb127bcb8dfe24b4aea6bea0b684
sha512 20085231c5480a9c6617d05b3d028f492a8f48f1b18bf6be5826ffa01774e696c283df4fbbc77a7f978d7f49c7155065419db2e2613a833d5c3b5b98842157ca

md5 927d3c8f39932c4903ce0ae8dc4d7abb
sha1 512ed9db2fe4151324abf949d70deb3fe4566a66
sha256 a9506a3cbf332502d62d7b7fc0849fde3809545a75d911e9cae9268fa143b32c
sha512 2263a71d4f9ee005ed301020ae0e0d974003a39d481f4a82b6899a47847888969a6d66b7c585598307c14c83cc97f744b6f2dc0158426e2628ed02114ac5f338

md5 54bbea35b095ddfe9740df97b693627b
sha1 08760cb1d322269dbe62d9a642697ac71306fbe3
sha256 61aae0e18c41ec4f610676680d26f6c6e1d4d5aa4e5092e40915fe806b679cd4
sha512 c0c33975fc3338be2d18daef09f8a156f3bf2038af05b28980bdcbc855bd8875869ad904584cf822f6ebd58fdcbc39c07f5ab6fdd1e13f3cab641faf76e2c0ea

Ip

Value  Description
156.251.162.76  Older Actor IP
156.251.163.19  Older Actor IP
156.251.163.122  Older Actor IP
156.251.162.111  Older Actor IP
139.180.184.197
66.42.91.32
158.247.221.101
107.148.27.117
139.180.128.142
155.138.224.122
185.174.136.20
45.86.229.220
45.86.231.71
139.99.35.116
139.99.37.119
194.62.42.105
185.250.149.32
137.175.30.138
146.70.157.133
155.138.224.122
107.148.27.117
172.247.168.153
192.36.119.61
103.131.189.143
188.34.130.40

Pattern in-traffic

Value  Description
\x00\x0C\x08http/1.1\x02h2\x00\x00\x00\x14\x00\x12\x00\x00\x0Fwww.example.com
By emulating the malware's execution, we found a unique string of bytes in its communication with its command & control server that can be used for an IPS signature. This string detects the TLS traffic by the TLS request header. The buffer "\x00\x0C\x08http/1.1\x02h2\x00\x00\x00\x14\x00\x12\x00\x00\x0Fwww.example.com" (unescaped) should appear inside the "Client Hello" packet.
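The pattern above, decoded and matched in working code, as an added Python example (not code from Fortinet, CIRCL or this event): it builds a TLS ClientHello, parses the extensions to recover SNI and ALPN, checks for the IoC bytes, and derives the JA3 string and MD5 from the same fields, which is how the ja3-fingerprint-md5 attribute further down this page is produced. The ClientHello records are constructed, not captures of the implant, so their JA3 values will not match the event's fingerprint; the extension order and cipher list are assumptions for illustration.

```python
"""Added example for this page (not code from Fortinet, CIRCL or the event):
parse a TLS ClientHello, extract SNI and ALPN, match the FG-IR-22-398
pattern-in-traffic IoC, and derive the JA3 string and MD5.  The ClientHello
records below are constructed for illustration, not captures of the implant,
so their JA3 hashes will not equal the fingerprint listed in this event."""
import hashlib
import struct

# The event's pattern, unescaped.  Decoded it is the tail of an ALPN extension
# offering http/1.1 then h2, immediately followed by a server_name extension
# carrying www.example.com (type 0x0000, length 0x14, list length 0x12,
# name type 0x00, name length 0x0f).
FG_IR_22_398_PATTERN = (
    b"\x00\x0c\x08http/1.1\x02h2"
    b"\x00\x00\x00\x14\x00\x12\x00\x00\x0fwww.example.com"
)

# GREASE values (RFC 8701) are excluded from JA3 by the specification.
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}


def _ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body


def build_client_hello(sni, alpn, ciphers, groups=(0x001D, 0x0017)):
    """Build a minimal TLS 1.2 ClientHello record (constructed test input).
    ALPN is emitted directly before server_name so the IoC bytes are contiguous."""
    alpn_list = b"".join(bytes([len(p)]) + p.encode() for p in alpn)
    name = sni.encode()
    sn_list = b"\x00" + struct.pack("!H", len(name)) + name
    grp = b"".join(struct.pack("!H", g) for g in groups)
    exts = (
        _ext(10, struct.pack("!H", len(grp)) + grp)                # supported_groups
        + _ext(11, b"\x01\x00")                                     # ec_point_formats
        + _ext(16, struct.pack("!H", len(alpn_list)) + alpn_list)   # ALPN
        + _ext(0, struct.pack("!H", len(sn_list)) + sn_list)        # server_name
    )
    suites = b"".join(struct.pack("!H", c) for c in ciphers)
    body = (
        b"\x03\x03" + b"\x11" * 32 + b"\x00"         # client_version, random, empty session id
        + struct.pack("!H", len(suites)) + suites
        + b"\x01\x00"                                # one compression method: null
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return the ClientHello fields needed for JA3 and for the IoC check."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    p = 9                                    # record header (5) + handshake type (1) + length (3)
    version = struct.unpack_from("!H", record, p)[0]
    p += 2 + 32                              # client_version, random
    p += 1 + record[p]                       # session id
    n = struct.unpack_from("!H", record, p)[0]
    p += 2
    ciphers = [struct.unpack_from("!H", record, p + i)[0] for i in range(0, n, 2)]
    p += n
    p += 1 + record[p]                       # compression methods
    n = struct.unpack_from("!H", record, p)[0]
    p += 2
    end = p + n
    info = {"version": version, "ciphers": ciphers, "ext_types": [], "groups": [],
            "point_formats": [], "sni": None, "alpn": [], "raw_extensions": record[p:end]}
    while p < end:
        ext_type, ext_len = struct.unpack_from("!HH", record, p)
        p += 4
        data = record[p:p + ext_len]
        p += ext_len
        info["ext_types"].append(ext_type)
        if ext_type == 0:                    # server_name: list len(2), type(1), name len(2), name
            info["sni"] = data[5:5 + struct.unpack_from("!H", data, 3)[0]].decode()
        elif ext_type == 16:                 # ALPN: list len(2), then (len(1), name)*
            q = 2
            while q < len(data):
                plen = data[q]
                info["alpn"].append(data[q + 1:q + 1 + plen].decode())
                q += 1 + plen
        elif ext_type == 10:                 # supported_groups: list len(2), then u16 each
            info["groups"] = [struct.unpack_from("!H", data, i)[0] for i in range(2, len(data), 2)]
        elif ext_type == 11:                 # ec_point_formats: len(1), then u8 each
            info["point_formats"] = list(data[1:])
    return info


def ja3(info):
    """JA3 = version,ciphers,extensions,groups,point_formats (decimal, '-' joined, GREASE removed)."""
    dash = lambda xs: "-".join(str(x) for x in xs if x not in GREASE)
    s = ",".join([str(info["version"]), dash(info["ciphers"]), dash(info["ext_types"]),
                  dash(info["groups"]), dash(info["point_formats"])])
    return s, hashlib.md5(s.encode()).hexdigest()


def matches_fg_ir_22_398(record):
    """True when the raw extension bytes contain the event's pattern, i.e. ALPN
    [http/1.1, h2] immediately followed by SNI www.example.com."""
    info = parse_client_hello(record)
    return (FG_IR_22_398_PATTERN in info["raw_extensions"]
            and info["alpn"] == ["http/1.1", "h2"]
            and info["sni"] == "www.example.com")


# Constructed samples: one shaped like the IoC (with a GREASE cipher that JA3
# must drop), one benign hello that differs only in ALPN order.
SUSPECT = build_client_hello("www.example.com", ["http/1.1", "h2"], [0x1301, 0x0A0A, 0xC02F])
BENIGN = build_client_hello("www.example.com", ["h2", "http/1.1"], [0x1301, 0xC02F])

if __name__ == "__main__":
    for label, rec in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, matches_fg_ir_22_398(rec), *ja3(parse_client_hello(rec)))
```

Decoding shows what the byte string actually pins down: an ALPN list of exactly http/1.1 followed by h2, with the server_name extension immediately after it carrying the literal www.example.com. Browsers normally offer h2 before http/1.1 and a real client would not set its SNI to www.example.com, so the sequence is unusual enough to serve as a signature; the match is on byte adjacency and order, not on SNI alone, which is why the benign sample with the same SNI and the same ALPN set does not trigger it.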

Link

Value
https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd
https://www.fortiguard.com/psirt/FG-IR-22-398
https://cvepremium.circl.lu/cve/CVE-2022-42475
https://fortiguard.com/psirt/FG-IR-22-398
https://www.virustotal.com/gui/file/0184e3d3dd8f4778d192d07e2caf44211141a570d45bb47a87894c68ebebeabb
https://www.virustotal.com/gui/ip_address/155.138.224.122
https://www.virustotal.com/gui/file/23f2536aec6a4977a504312ff5863468ba2900fece735acd775d0ae455b4cd4d
https://www.virustotal.com/gui/ip_address/107.148.27.117

Text

Value
Fortinet has published CVSS: Critical advisory FG-IR-22-398 / CVE-2022-42475 on Dec 12, 2022. The following writeup details our initial investigation into this malware and additional IoCs identified during our ongoing analysis.
Blog
Published
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published
Out-of-bounds Write
Draft
Base
20/63
9/88
21/63
10/88
.text
.data
.rdata
.bss
.idata
.CRT
.tls
.rsrc
.reloc
exe
4199600
AC Description
1.0
080904E4
AC
1.0
AC Company
AC copyright
Malicious
/data/lib/libips.bak
/data/lib/libgif.so
/data/lib/libiptcp.so
/data/lib/libipudp.so
/data/lib/libjepg.so
/var/.sslvpnconfigbk
/data/etc/wxd.conf
/flash

Vulnerability

Value
CVE-2022-42475

Datetime

Value
2023-01-09T17:30:00+00:00
2023-01-02T09:15:00+00:00
2021-08-26T07:13:04+00:00

Float

Value
9.8
6.1933439370956
0.6540748833811
5.4635139902349
5.2099581938208
1.6185253040527
4.6724534459793
6.5454664509897
6.1352969019206

Cpe

Value
cpe:2.3:o:fortinet:fortios:5.6.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.6.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.6.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.6.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.6.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.6.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.6.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.6.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.6.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.6.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.6.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.6.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.6.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.6.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.6.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.4.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.15:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:1.2.13:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:2.0.10:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fim-7901e:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fim-7904e:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fim-7910e:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fim-7920e:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fim-7921f:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fim-7941f:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-6300f:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-6300f-dc:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-6500f:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-6500f-dc:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-6501f:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-6501f-dc:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-6601f:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-6601f-dc:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-7030e:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-7040e:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-7060e:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-7121f:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fpm-7620e:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fpm-7620f:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fpm-7630e:-:*:*:*:*:*:*:*

Weakness

Value
CWE-787

Ja3 fingerprint-md5

Value
bf2b95ac267823f6588b2436bc537b26

Size in-bytes

Value
80896
2560
5120
0
4096
512
512
2048
2560
99328

Ssdeep

Value
1536:MzT7zQBr/zINrQlKQLvTYZuyjOzNSHCCiin0F7KLzfLXDvbnT/r3jP7HzL/3zXvW:MzT/0/ENklKQLrAuyaxSHC5inA+LzfL6
6:Xmt/eLtlMQQ/wm+RxlXOfUKjyipKR9jHUAj/k1Aj/k1qa6Ul:XmtGplsF+Rj7xfkAA1AA19
48:X65hlRWXMFfHP7BEP+sx4OQQuQv2qjr5vh8MMy9D/DtyGbBbBbBbBbBbBbBbBbBP:qLrmMF/SP+GuQv2qHLd9DhX
48:VYTBshkXzByshkXzByr3mPWXEDll6GraRBTuyK1uA9GFDkcMUuRVxGp:yy4W+s/zuBTfK1uA9SDkcMUuRVq
3:+/tdFllXl6ltl/ll:N
3::
24:b9pGZeFVJprKNZ1bh3lCPNWredtn3tcuf3hwcK:Bp/FVnrcLbRlOBh3tThi
48:+BXwIRwsB3qZRyxbFCh3vvvbvXIdruBHnHofSX3X3X:+1wIRwsWGCzvXk8HofSnH
3072:MzT/0/ENklKQLrAuyaxSHC5inA+LzfLXDvbnT/r3jP7HzL/3zXvbnT/ry5:2mKQLrAuPxK1A+LzfLXDvbnT/r3jP7HQ

File

Value
AC file name
61aae0e18c41ec4f610676680d26f6c6e1d4d5aa4e5092e40915fe806b679cd4

Counter

Value
9

Malware sample

Value (sha256|md5)
61aae0e18c41ec4f610676680d26f6c6e1d4d5aa4e5092e40915fe806b679cd4|54bbea35b095ddfe9740df97b693627b

Mime type

Value
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Port

Value
8033
8443
444
30080
30081
30443
20443
444

Threat ID: 682b7ba0d3ddd8cef2e68bd0

Added to database: 5/19/2025, 6:42:40 PM

Last enriched: 6/18/2025, 7:02:34 PM

Last updated: 7/26/2025, 6:30:10 AM
