← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
FortiClient EMS Exploited via CVE-2026-35616 to Deliver EKZ Infostealer Disguised as a Fortinet Patch - Arctic Wolf
WHITE CyberHunter_NL 2026-05-28 Modified: 2026-05-28
13
IOCs
MEDIUM VOLUME
What do you need to know about security operations and how to get them in the best possible position to protect your business from cyber attacks and breaches? and what can you learn about this new platform?
arctic wolfforticlient emspowershellekz infostealercve202635616httpremote accesschromehttp postfirefoxwolf
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
EKZ Infostealer
Indicators of Compromise (2 / 13 total)
All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 IPv4
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 338662fd0c4d750a0ba203a32b59f081 MD5 of 17e771c78430cc67e71d4547f8996a1a488e9d3f 2026-05-28
FileHash-MD5 8c5b72906e8183037532afc3f4639931 2026-05-28
References (1)
↗ https://arcticwolf.com/resources/blog/forticlient-ems-exploited-via-cve-2026-35616-to-deliver-ekz-infostealer-disguised-as-a-fortinet-patch/