Skip to main content
Skip to main content
Microsoft Security Intelligence
Published Jun 01, 2021 | Updated Jun 02, 2021

TrojanDropper:JS/EnvyScout.A!dha

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

Microsoft Defender Antivirus detects and removes this threat.

This threat is a is a malicious dropper capable of de-obfuscating and writing a malicious ISO file to disk. EnvyScout is mainly delivered to targets of NOBELIUM as spear-phishing email attachment. NOBELIUM is the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components.

Read the following blogs for details:

Microsoft Defender Antivirus automatically removes threats as they are detected. If you have cloud-delivered protection, your device gets the latest defenses against new and unknown threats. If you don't have this feature enabled, update your antimalware definitions and run a full scan to remove this threat. 

 To help reduce the impact of this threat, you can: 

  • Contact your incident response team and start the incident response process. If you don't have one, contact Microsoft support for investigation and remediation services.
  • Immediately isolate the affected device. If malicious code has been launched, it is likely that the device is under complete attacker control.
  • Identify the accounts that have been used on the affected device and consider these accounts compromised. Reset passwords or decommission the accounts.
  • Investigate the device timeline for indications of lateral movement activities using one of the compromised accounts. Check for additional tools that attackers might have dropped to enable credential access, lateral movement, and other attack activities.
  • Scope the incident. Find related devices, network addresses, and files in the incident graph.
  • Contain and mitigate the breach. Stop suspicious processes, isolate affected devices, decommission compromised accounts or reset passwords, block IP addresses and URLs, and install security updates.

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

Follow us