Microsoft Security Intelligence
Published Jan 25, 2022 | Updated Feb 04, 2022

Trojan:MSIL/QuietSieve.Gen!dha

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

Microsoft Defender Antivirus detects and removes this threat.

This threat exfiltrates stolen files. It steals device information such as system information, file information, and running processes, and it takes screenshots.

This threat has been observed to be used by ACTINIUM, also referred to publicly as Gamaredon.

Read the following blog for more information:

Microsoft Defender Antivirus automatically removes threats as they are detected. If you have cloud-delivered protection, your device gets the latest defenses against new and unknown threats. If you don't have this feature enabled, update your antimalware definitions and run a full scan to remove this threat.

To help reduce the impact of this threat, you can:

  • Contact your incident response team and start the incident response process. If you don't have one, contact Microsoft support for forensic investigation and remediation services. A forensic investigation is important to assess the damage that might have been done.
  • Immediately isolate the affected device. Disconnect this device from the network to prevent further infiltration. If malicious code has been launched, it is likely that the device is under complete attacker control.
  • Damage assessment should consider files with the doc, docx, xls, rtf, odt, txt, jpg, pdf, rar, zip, and 7z extensions on fixed, networked, or removable drives connected to the infected host.
  • Identify potentially compromised accounts and begin monitoring for anomalous usage. Reset passwords and/or decommission confirmed affected user accounts.
  • Collect and provide the investigation team with indicators of compromise (IOC) for further analysis.
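
For the damage assessment step, the PowerShell script below is an added example, not part of Microsoft's guidance or tooling. It inventories files with the listed extensions on fixed, removable, and mapped network drives so responders can scope what data was exposed; the output file name is an assumption.

```powershell
# Added example: scope the damage assessment by listing files with the
# extensions named in the guidance on fixed, removable and network drives.
param(
    # Assumed output path; point it at external evidence media.
    [string]$OutCsv = '.\damage_assessment_scope.csv'
)

# Extensions listed in the damage assessment guidance.
$extensions = 'doc','docx','xls','rtf','odt','txt','jpg','pdf','rar','zip','7z'
$extSet = [System.Collections.Generic.HashSet[string]]::new(
    [string[]]($extensions | ForEach-Object { ".$_" }),
    [System.StringComparer]::OrdinalIgnoreCase)

# Win32_LogicalDisk DriveType: 2 = removable, 3 = local fixed, 4 = network.
# Network drives appear only if they are mapped in the current session.
$driveTypes = @{ 2 = 'Removable'; 3 = 'Fixed'; 4 = 'Network' }
$drives = Get-CimInstance -ClassName Win32_LogicalDisk |
    Where-Object { $driveTypes.ContainsKey([int]$_.DriveType) }

# @() keeps $results an (possibly empty) array so the export never sees $null.
$results = @(foreach ($drive in $drives) {
    $root = "$($drive.DeviceID)\"
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $extSet.Contains($_.Extension) } |
        ForEach-Object {
            [pscustomobject]@{
                Drive        = $drive.DeviceID
                DriveType    = $driveTypes[[int]$drive.DriveType]
                Path         = $_.FullName
                Extension    = $_.Extension.ToLowerInvariant()
                SizeBytes    = $_.Length
                CreatedUtc   = $_.CreationTimeUtc.ToString('o')
                LastWriteUtc = $_.LastWriteTimeUtc.ToString('o')
            }
        }
})

# Full listing for the investigation team.
$results | Export-Csv -LiteralPath $OutCsv -NoTypeInformation -Encoding UTF8

# Per-drive, per-extension totals give a quick view of the exposed data.
$results | Group-Object Drive, Extension |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

Paths the running account cannot read are skipped silently, so run it with an account that has access to the volumes being assessed.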

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
