TrojanDownloader:Win64/TwoDash!dha
Aliases: No associated aliases
Summary
TrojanDownloader:Win64/TwoDash!dha is a trojan with downloader functionality that runs covertly on the compromised device. TwoDash collects system information, then connects to a hard-coded command-and-control (C2) server on port 9443 and sends the collected information to that server. It then downloads and installs further programs, including additional malware, onto the compromised device without the user's explicit consent.
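A defender-side check for the beaconing behaviour described above, added here as an example and not part of this Microsoft page: it scans constructed, simplified Sysmon-style network-connection records and flags client-initiated connections to TCP port 9443 from processes outside an assumed allowlist. The record format, field names and allowlist are assumptions; only the port comes from the description.

```python
"""Hunt for TwoDash-style beaconing: outbound connections to TCP port 9443
from processes that have no business using that port.

Added example, not Microsoft's own detection logic. The log lines below are
constructed Sysmon Event ID 3 style records in a simplified, pipe-delimited
key=value form; the field names and the process allowlist are assumptions."""
from collections import defaultdict

C2_PORT = 9443  # port stated in the TwoDash description

# Assumed allowlist of binaries expected to talk on 9443 in this environment.
EXPECTED_PROCESSES = {r"c:\program files\backupagent\agent.exe"}

# Constructed sample records (not real telemetry).
SAMPLE_LOG = r"""
ts=2024-05-01T10:00:01|image=C:\Windows\System32\svchost.exe|dst=10.0.0.5|dport=443|initiated=true
ts=2024-05-01T10:00:02|image=C:\Users\bob\AppData\Local\Temp\update.exe|dst=203.0.113.9|dport=9443|initiated=true
ts=2024-05-01T10:00:03|image=C:\Program Files\BackupAgent\agent.exe|dst=10.0.0.7|dport=9443|initiated=true
ts=2024-05-01T10:00:04|image=C:\Users\bob\AppData\Local\Temp\update.exe|dst=203.0.113.9|dport=9443|initiated=true
ts=2024-05-01T10:00:05|image=C:\Windows\System32\svchost.exe|dst=10.0.0.5|dport=9443|initiated=false
"""

def parse_record(line):
    """Split one pipe-delimited key=value record into a dict of strings.
    Pipes rather than whitespace are used so image paths may contain spaces."""
    fields = {}
    for token in line.strip().split("|"):
        key, _, value = token.partition("=")
        fields[key] = value
    return fields

def find_suspect_beacons(log_text):
    """Return {image: [dst, ...]} for client-initiated connections to the C2
    port from processes outside the allowlist. Inbound connections
    (initiated=false) are ignored: a downloader beacon is always outbound."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec.get("initiated") != "true":
            continue
        if int(rec.get("dport", 0)) != C2_PORT:
            continue
        image = rec.get("image", "").lower()
        if image in EXPECTED_PROCESSES:
            continue
        hits[image].append(rec["dst"])
    return dict(hits)

if __name__ == "__main__":
    for image, dsts in find_suspect_beacons(SAMPLE_LOG).items():
        print(f"{image}: {len(dsts)} outbound connection(s) to {sorted(set(dsts))}")
```

Repeated connections from the same unexpected image to the same destination, as in the sample, are the pattern worth triaging first; a single hit from an allowlisted tool is usually benign.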
To mitigate the issue, follow these steps:
- Apply security updates promptly, especially for the specified vulnerabilities, on all applications and operating systems. Consult the Microsoft Security Update Guide for comprehensive information on available Microsoft Security updates.
- Follow the principle of least privilege and maintain credential hygiene. Avoid using domain-wide, admin-level service accounts. Restrict local administrative privileges to mitigate the potential installation of remote access trojans (RATs) and other undesirable applications.
- Use network segmentation to constrain the spread of malware infections. Partitioning the network into smaller segments confines an infection to a single segment rather than allowing it to spread unrestricted across the entire network.
- Promote the use of Microsoft Edge and other web browsers that support SmartScreen, a feature identifying and blocking malicious websites, including phishing sites, scam sites, and those hosting exploits or malware.
- Block JavaScript and VBScript from launching downloaded executable content, for example by enabling the corresponding attack surface reduction rule.