← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
FortiClient EMS Exploited via CVE-2026-35616 to Deliver EKZ Infostealer Disguised as a Fortinet Patch - Arctic Wolf
WHITE CyberHunter_NL 2026-05-28 Modified: 2026-05-28
13
IOCs
MEDIUM VOLUME
What do you need to know about security operations and how to get them in the best possible position to protect your business from cyber attacks and breaches? and what can you learn about this new platform?
arctic wolfforticlient emspowershellekz infostealercve202635616httpremote accesschromehttp postfirefoxwolf
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
EKZ Infostealer
Indicators of Compromise (13)
All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 IPv4
TYPEINDICATORDESCRIPTIONCREATED
CVE CVE-2026-0300 2026-05-28
CVE CVE-2026-35616 2026-05-28
FileHash-MD5 338662fd0c4d750a0ba203a32b59f081 MD5 of 17e771c78430cc67e71d4547f8996a1a488e9d3f 2026-05-28
FileHash-MD5 8c5b72906e8183037532afc3f4639931 2026-05-28
FileHash-SHA1 17e771c78430cc67e71d4547f8996a1a488e9d3f 2026-05-28
FileHash-SHA256 0da123adf9251957a4b850a3f6bd6a753dd4892be176a84a18450e899534cc5e SHA256 of 17e771c78430cc67e71d4547f8996a1a488e9d3f 2026-05-28
FileHash-SHA256 2927bc31b4f8254c6b332fc03110a6373cad00ffa2ff9de427c26bb222017bb2 2026-05-28
FileHash-SHA256 2f25ea1b622abf3212141af932c2ec4cbd6b2b5903c2a531121f691227d98cff 2026-05-28
FileHash-SHA256 d91c00fad521e76efa89715cca89db487d5676f2c767c883482f9c8f82bd383a 2026-05-28
FileHash-SHA256 fd65051c61a904a304919c04a8c8633c001183ac73ac461cd4d9057946f02bf5 2026-05-28
IPv4 185.220.101.15 CC=DE ASN=AS208294 cia triad security llc 2026-05-28
IPv4 192.42.116.14 CC=NL ASN=AS1101 surfnet bv 2026-05-28
IPv4 83.138.53.110 CC=NL ASN=AS63473 hosthatch llc 2026-05-28
References (1)
↗ https://arcticwolf.com/resources/blog/forticlient-ems-exploited-via-cve-2026-35616-to-deliver-ekz-infostealer-disguised-as-a-fortinet-patch/