Trojan:Win64/Gozi.RE!MTB

Guidance for individual users

Keep your operating system and antivirus products up to date.

To learn more about preventing trojans or other malware from affecting individual devices, read about preventing malware infection.

Guidance for enterprise administrators

Apply these mitigations to reduce the impact of this threat. Check the recommendations card for the deployment status of monitored mitigations.

Initial access

• Encourage users to use Microsoft Edge and other web browsers that support SmartScreen, which identifies and blocks malicious websites. Turn on network protection to block connections to malicious domains and IP addresses.

Security controls

• Turn on cloud-delivered protection and automatic sample submission on Microsoft Defender Antivirus. These capabilities use artificial intelligence and machine learning to quickly identify and stop new and unknown threats.
• Use Microsoft Defender for Office 365 for enhanced phishing protection and coverage against new threats and polymorphic variants. Defender for Office 365 customers should ensure that Safe Links protection is enabled for users with Zero-hour Auto Purge (ZAP) to remove emails when a URL gets weaponized post-delivery.
• Turn on tamper protection features to prevent attackers from stopping security services.
• Use the Microsoft Defender Firewall and your network firewall to prevent RPC and SMB communication among endpoints whenever possible. This limits lateral movement as well as other attack activities. Check your perimeter firewall and proxy to restrict servers from making arbitrary connections to the internet to browse or download files.

Credential hygiene

• Practice the principle of least privilege and maintain credential hygiene. Avoid the use of domain-wide, admin-level service accounts. Restricting local administrative privileges can help limit the installation of RATs and other unwanted applications.