Aliases: No associated aliases
Microsoft Defender Antivirus detects and removes this threat.
This threat has been active since at least 2013. The backdoor has been observed in use by the threat group ACTINIUM, which has been operational for almost a decade and has consistently pursued access to organizations in Ukraine or entities related to Ukrainian affairs.
PterodoGen sends sensitive information about the host to a command-and-control address. It is also capable of establishing remote access connections, capturing keyboard input, downloading and uploading files, dropping malware payloads, performing denial-of-service (DoS) attacks, and running or terminating processes.
Read the following blog for more information:
Microsoft Defender Antivirus automatically removes threats as they are detected. If you have cloud-delivered protection, your device gets the latest defenses against new and unknown threats. If you don't have this feature enabled, update your antimalware definitions and run a full scan to remove this threat.
To help reduce the impact of this threat, you can:
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.