Trojan:O97M/RokRat

Guidance for individual users

Keep your operating system and antivirus products up to date. Avoid opening emails and downloading attachments from unknown sources.

To learn more about preventing trojans or other malware from affecting individual devices, read about preventing malware infection. For more tips on how to keep your device safe, go to the Microsoft security help & learning portal.

Guidance for enterprise administrators

Apply these mitigations to reduce the impact of this threat.

Initial access

• Educate end users about protecting personal and business information in social media, filtering unsolicited communication, identifying lures in spear-phishing email and watering holes, and reporting of reconnaissance attempts and other suspicious activity.
• Encourage users to use Microsoft Edge and other web browsers that support SmartScreen, which identifies and blocks malicious websites, Turn on network protection to block connections to malicious domains and IP addresses.

Security controls

• Turn on cloud-delivered protection and automatic sample submission on Microsoft Defender Antivirus. These capabilities use artificial intelligence and machine learning to quickly identify and stop new and unknown threats.
• Configure Microsoft Defender for Office 365 to detonate file attachments via Safe Attachments. Safe Attachments provides an additional layer of protection for email attachments by verifying a file in a virtual environment prior to delivering to the inbox.
• Run endpoint detection and response (EDR) in block mode so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus does not detect the threat, or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-compromise.
• Turn on tamper protection features to prevent attackers from stopping security services.