Towerwall has aligned itself with industry-leading security application and policy management solution providers. These strategic relationships enable us to offer our customers an integrated approach to solving their security and policy management needs by coupling best-of-breed technology with top-notch integration services.

Backdoor
ANDROIDOS_WORMHOLE.HRXA

This malware leverages the Moplus SDK to automatically and periodically deploy unwanted applications onto Android devices. The Moplus SDK has been found to include backdoor capabilities.

Backdoor
BKDR_KASIDET.XXRO

This malware is the payload for the Adobe Flash zero-day exploit (assigned CVE-2015-7645) used in the cyberespionage campaign Pawn Storm. In addition, the Angler Exploit Kit has reportedly integrated CVE-2015-7645.

Spyware
TSPY_ROVNIX.YPOB

This malware is the payload for the malvertising campaign that affected around 3,000 Japanese websites. The attack used the Angler exploit kit, which leveraged vulnerabilities in Internet Explorer and Adobe Flash Player.

Trojan
TROJ_GREENDISPENSER.A

This malware, discovered late September 2015, lets attackers force an ATM to dispense cash without proper authorization. It also has the capability to delete itself from the infected system to prevent detection.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

Backdoor
BKDR_ALINA.POSKAT

This is the detection for the Katrina point-of-sale (PoS) malware.

To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below.

Worm
WORM_KASIDET.NM

This is one of the samples related to the Neutrino bot, also known as Kasidet. Its code was leaked on an underground forum in July 2015. This malware, which has PoS-scraping routines, is also the payload for the Sundown exploit kit.

Worm
WORM_KASIDET.SC

This is one of the samples related to the Neutrino bot, also known as Kasidet. Its code was leaked on an underground forum in July 2015. This malware specifically affects PoS systems running on Windows operating systems (OS).

To get a one-glance comprehensive view of the behavior of this Worm, refer to the Threat Diagram shown below.

Backdoor
BKDR_KASIDET.FD

This is one of the samples related to the Neutrino bot, also known as Kasidet. Its code was leaked on an underground forum in July 2015.
Backdoor
BKDR_CARBANAK.B

This is the latest CARBANAK variant, reportedly related to the compromised Microsoft Windows client. CARBANAK is a malware family that targets banks and financial organizations.

To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below.

Backdoor
BKDR_CARBANAK.C

This is the latest CARBANAK variant, reportedly related to the compromised Microsoft Windows client. CARBANAK is a malware family that targets banks and financial organizations.

Spyware
TSPY_SHIZ.MJSU

This malware is related to the attack on certain banking organizations in Japan in late August/early September 2015. Users with systems affected by this malware may find their online banking accounts compromised.

This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Backdoor
BKDR_EMDIVI.ZJCH-A

This malware is related to an active campaign that compromised Japanese websites and used them as command-and-control (C&C) servers for the EMDIVI backdoor.

To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below.

Others
ANDROIDOS_MSGDOS.A

This detection is a proof of concept (PoC) malware related to the Android vulnerability CVE-2015-3839.

To get a one-glance comprehensive view of the behavior of this malware, refer to the Threat Diagram shown below.

Others
ANDROIDOS_MSGCRACK.A

This detection is a proof of concept (PoC) malware related to the Android vulnerability CVE-2015-3840.

To get a one-glance comprehensive view of the behavior of this malware, refer to the Threat Diagram shown below.

Trojan
ELF_DDOSTK.A

This malware is the payload for the BIND denial-of-service vulnerability assigned CVE-2015-5477. Once the vulnerability is successfully exploited, the malware can launch denial-of-service attacks.

Trojan
DDOS_TKEY.A

This malware is the payload for the BIND denial-of-service vulnerability assigned CVE-2015-5477. Once the vulnerability is successfully exploited, the malware can launch denial-of-service attacks.

Trojan
RANSOM_CRYPRAAS.SM

This is the Trend Micro detection for Encryptor RaaS (Ransomware as a Service), which lets its operators set payment deadlines after which the ransom amount increases. This new platform allows attackers and cybercriminals to create their own ransomware for free.

Trojan
TROJ_CRYPLOCK.XW

This TorrentLocker variant doubles the decryption ransom after its 5-day deadline. It arrives via a spam message purporting to be a business email, which targeted an Australian company.

Backdoor
BKDR_POISON.TUFW

This malware is related to the campaign that targeted TV and government-related websites in Hong Kong and Taiwan. In the said campaign, attackers used Flash exploits that emerged from the Hacking Team leak to deliver this PoisonIvy variant.

Trojan
SWF_CVE20155122.A

This malware is related to the campaign that targeted TV and government-related websites in Hong Kong and Taiwan. In the said campaign, attackers used Flash exploits that emerged from the Hacking Team leak to deliver PoisonIvy.

Spyware
TROJ_RECOLOAD.A

This point-of-sale (PoS) reconnaissance malware checks whether the infected system is part of a PoS network or is itself a PoS machine. An attack spreading this PoS malware uses the Angler Exploit Kit, which employs the Adobe Flash vulnerabilities CVE-2015-0336 and CVE-2015-3104 as its entry point to the system.

Trojan
JAVA_DLOADR.EFD

This is the detection for the Java zero-day exploit (designated CVE-2015-2590) that was used in the targeted attack campaign Operation Pawn Storm. Once successfully exploited, it downloads another malware detected as TROJ_DROPPR.CXC, which in turn drops a SEDNIT variant.

Backdoor
ANDROIDOS_HTBENEWS.A

This is the detection for the Android malware that exploits a local privilege escalation vulnerability in Android devices (CVE-2014-3153). While monitoring the Hacking Team dump, our researchers spotted a fake news application that has the capability to circumvent Google Play's filtering.

Trojan
TROJ_DROPPR.CXC

This is the detection for the second-stage malware related to the new Java zero-day exploit used in the targeted attack campaign Operation Pawn Storm. In the second stage of the attack, the exploit downloads this malware, which serves as a dropper for a .DLL file detected as TSPY_SEDNIT.C.

Trojan
TROJ_FLASHUP.B

The malicious files flash32.exe and kbflashUpd.dll are detected as TROJ_FLASHUP.A and TROJ_FLASHUP.B, respectively. These are the downloaded payloads of TROJ_NETISON.AB. The malware TROJ_NETISON.AB is the payload from the Adobe Flash zero-day vulnerability CVE-2015-5119.

Trojan
TROJ_FLASHUP.A

The malicious files flash32.exe and kbflashUpd.dll are detected as TROJ_FLASHUP.A and TROJ_FLASHUP.B, respectively. These are the downloaded payloads of TROJ_NETISON.AB. The malware TROJ_NETISON.AB is the payload from the Adobe Flash zero-day vulnerability CVE-2015-5119.

Trojan
TROJ_CRYPWALL.XXTXM

Exploit kits such as the Angler Exploit Kit and Nuclear Exploit Pack have been updated to include one of the recent Hacking Team Flash zero-day vulnerabilities. The Magnitude Exploit Kit, in particular, has added CVE-2015-5119 to its exploits. The exploit then leads to a ransomware variant detected as TROJ_CRYPWALL.XXTXM.

Trojan
TROJ_NETISON.AB

This is the detection for the payload related to the Hacking Team Flash zero-day affecting the latest version of Flash on Windows, Mac, and Linux. Once this zero-day vulnerability has been successfully exploited, the exploit downloads this malware.

Spyware
TSPY_WOOLERG.A

This malware is involved in Operation Woolen Goldfish, an advanced targeted attack campaign executed by the threat actor Rocket Kitten and reported in March 2015. It steals personal information from affected systems through keylogging.

Trojan
JS_DLOAD.CRYP

This malware is related to CryptoWall 3.0 attacks seen in March 2015.

Trojan
JS_DLOADE.XXPU

This malware is involved in the CryptoWall 3.0 attacks detected in March 2015.

Trojan
JS_DLOADR.JBNZ

This malicious JavaScript downloads and executes a CryptoWall 3.0 ransomware variant and a FAREIT spyware.

Trojan
TROJ_CRYPWAL.YOI

This variant is also known as CryptoWall 3.0.

Spyware
TSPY_FAREIT.YOI

This malware is related to CryptoWall 3.0 attacks seen in March 2015.

Trojan
W2KM_BARTALEX.EU

This is macro-based malware that was distributed via a bogus Air Canada e-ticket with an attached .DOC file.

WF_EXPLOIT.OJF

This malware exploits an Adobe Flash zero-day vulnerability. When a system is successfully exploited, a remote user can execute arbitrary code on it.

Spyware
TSPY_POSNEWT.SM

This point-of-sale (PoS) malware was discovered in April 2015 attempting to target certain US-based airports. PoS devices infected by this malware should be considered compromised because of its information-stealing routines.

Adware
ANDROIDOS_ADMDASH.HRX

This is the Trend Micro detection for the SDK found in possibly thousands of apps once hosted on Google Play. Most of these apps have since been removed.

Trojan
TROJ_LAZIOK.B

This malware has been seen in campaigns that target the energy sector. This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Trojan
TROJ_LAZIOK.D

This malware has been seen in campaigns that target the energy sector. This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Trojan
BAT_CRYPVAULT.A

This crypto-ransomware encrypts files and appends an extension that makes them look like files quarantined by an anti-malware product.

Worm
VBS_KJWORM.SMA

This malware is involved in the targeted attack incident that shut down a global French-language television network in April 2015. Users affected by this malware may find the security of their systems compromised.

Backdoor
BKDR_SIMDA.SMEP2

This malware, which is known for its HOSTS file modification routines, is related to the SIMDA botnet. In April 2015, Trend Micro, together with the Cyber Defense Institute, Interpol, and other security vendors, collaborated on the takedown of that botnet.

Backdoor
BKDR_SIMDA.SMEP

This malware family takes its name from the SIMDA botnet operation, which was taken down in April 2015. This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Trojan
TROJ_CRYPTESLA.CAG

This crypto-ransomware is one of the malware payloads of the Fiesta exploit kit. Exploit kits are typically used to deliver or spread threats.

Trojan
W2KM_BARTALEX.SMA

BARTALEX is macro malware responsible for a spam outbreak affecting enterprises. It uses Microsoft Office documents and social engineering lures; in this case, the lure references Automated Clearing House (ACH) transactions.

Trojan
TROJ_WERDLOD.D

This online banking Trojan modifies an affected system’s proxy settings and adds a malicious root certificate to allow information theft at the network level. These behaviors are seen in malware used in Operation Emmental.

Backdoor
BKDR_ROMBERTIK.A

This malware hooks itself into certain browsers on the affected system for the purpose of information theft. It also wipes the affected system's Master Boot Record (MBR) if it detects attempts to analyze or detect it, which can cause loss of sensitive data and critical documents.
