During our investigation, we found other malware being used in the attack. Trend Micro detects these as:
Deep Discovery detecting exploit attached to spear phishing email
Sandbox analysis result for a sample Carbanak variant
Deep Discovery Inspector heuristically detecting traffic from Ammy Remote Admin Tool
Deep Discovery Inspector monitors traffic across all ports and more than 80 protocols and applications to detect threats that are purposely built to evade traditional security defenses. It also features the Trend Micro Advanced Threat Scan Engine, which detects malicious email attachments with embedded exploit code through its forward-looking heuristic rules.