W32/Agent.DCWP!tr
Analysis
W32/Agent.DCWP!tr is a generic detection for a trojan.
Since this is a generic detection, malware detected as W32/Agent.DCWP!tr may exhibit varying behaviour.
Below are some of its observed characteristics/behaviours:
- This malware was allegedly related to the backdoor found in the United States' Commission network. The trojan is linked to the attack because of its similarities with the .dll that was used as a decryptor during the infiltration of the United States Commission network.
- This malware has been associated with a third-party article/advisory. The correlation has been established through a near/exact database match on one of the sample/IOC/file hashes indicated in the mentioned resource.
- This malware serves as a decryption tool to decrypt and execute a malicious .log file in memory.
- Following are some of the exact IOCs/file hashes associated with this detection:
  - MD5: 2895043b9d230cae6ee47c7f223a9f46
    SHA256: bcfacc1ad5686aee3a9d8940e46d32af62f8e1cd1631653795778736b67b6d6e
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.