• This sample is noteworthy as a variant has been used in the recent Bundestag compromise. It is a 64-bit executable that can read commands issued by an attacker.
    Read more   

  • This backdoor is implicated in the 2015 compromise of the German parliament, also known as Bundestag. This malware connects to a specific C&C server that we believe was controlled by Operation Pawn Storm during extended periods from February 2014 - February 2015.
    Read more   

  • This is one of the Trend Micro detections on the recent Stegoloader malware that affected healthcare organizations in North America. Steganography is a technique where malicious codes are embedded in image files to avoid detection.
    Read more   

  • This backdoor is implicated in the 2015 compromise of the German parliament, also known as Bundestag. This malware connects to a specific C&C server that we believe was controlled by Operation Pawn Storm during extended periods from February 2014 - February 2015.
    Read more   

  • This exploit was included in the Magnitude Exploit Kit, which allowed attackers to spread crypto-ransomware into their target systems in the US, Canada, and the UK.To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.
    Read more   

  • This malware component is related to the Punkey point-of-sale (PoS) malware, which was uncovered in April 2015. To get a one-glance comprehensive view of the behavior of this Spyware, refer to the Threat Diagram shown below.
    Read more   

  • This malware component is related to the Punkey point-of-sale (PoS) malware, which was uncovered in April 2015. To get a one-glance comprehensive view of the behavior of this Spyware, refer to the Threat Diagram shown below.
    Read more   

  • This DYRE variant is downloaded by an upgraded version of UPATRE that has the capability to disable detection. Other notable routines of the said UPATRE variant include disabling of firewall/network related security via modifying registry entries and stopping of related services.
    Read more   

  • This malware poses as a Chrome browser plugin required to play videos. Users receive a message with a link in the social networking site, Facebook.
    Read more   

  • This malware hooks itself onto certain browsers in the affected system for purposes of information theft. It also wipes the affected system's Master Boot Record(MBR) if it detects security detection efforts, which can cause loss of sensitive data/critical documents.
    Read more