Dismantling a Fileless Campaign: Microsoft Defender ATP Next-Gen Protection Exposes Astaroth Attack (Jul 8, 2019)

Microsoft has issued a warning about fileless attacks spreading the Astaroth malware. Astaroth steals sensitive information such as credentials and keystrokes, which is then used for theft or sold to cyber criminals. As identified by Windows Defender ATP, the campaign sends users emails carrying a malicious file attachment; if the attachment is downloaded and opened, it retrieves further malicious code that runs only in memory, a fileless execution. Because no malicious payload is written to disk, this technique makes the attack harder for anti-virus software to identify.

Recommendation: Emails containing attachments for download should be viewed with the utmost scrutiny, and attachments should be avoided unless the sender is known, trusted, and can be verified.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.