{"id":27717,"date":"2019-07-08T21:38:11","date_gmt":"2019-07-08T21:38:11","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\/"},"modified":"2019-07-08T21:38:11","modified_gmt":"2019-07-08T21:38:11","slug":"meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\/","title":{"rendered":"Meet the Great Duke of&#8230; DLL: Microsoft shines light on Astaroth, a devilishly sneaky strain of fileless malware"},"content":{"rendered":"<p>Microsoft has lifted the lid on the inner-workings of a particularly nasty piece of fileless malware that aims to pilfer user data without needing to install software on the victim&#8217;s machine.<\/p>\n<p>Dubbed Astaroth \u2013 the same name as the Great Duke of Hell \u2013 the software nasty has been in circulation since 2017 and has primarily been used to steal data from companies in South America and Europe via targeted attacks launched through spear-phishing.<\/p>\n<p>What makes the infection unique, says Microsoft Defender APT research team member Andrea Lelli, is its ability to fly under the radar of traditional antivirus products by operating without ever needing to install an executable on the victim&#8217;s machine.<\/p>\n<p>&#8220;Astaroth is a notorious info-stealing malware known for stealing sensitive information like credentials, keystrokes, and other data, which it exfiltrates and sends to a remote attacker,&#8221; Lelli <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/07\/08\/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack\/\">explained<\/a> 
today.<\/p>\n<p>&#8220;The attacker can then use stolen data to try moving laterally across networks, carry out financial theft, or sell victim information in the cybercriminal underground.&#8221;<\/p>\n<p>Typically, the attack begins when a victim opens a link inside a spear-phishing email. That link, in turn, opens up a shortcut file to a terminal command that downloads and runs JavaScript code. The JavaScript then pulls and runs two DLL files that perform the dirty work of logging and uploading the victim&#8217;s information while disguising itself as a system process.<\/p>\n<p>This procedure is highly effective against traditional signature-based detection tools because, throughout the process, nothing other than the DLL files is actually downloaded or installed. Thus there is little opportunity to scan or catch the attack.<\/p>\n<p>It is also an approach that has let Astaroth thrive since late 2017 without having to rely on vulnerability exploits or traditional trojan downloaders.<\/p>\n<p>&#8220;For traditional, file-centric antivirus solutions, the only window of opportunity to detect this attack may be when the two DLLs are decoded after being downloaded\u2014after all, every executable used in the attack is non-malicious,&#8221; said Lelli.<\/p>\n<p>&#8220;If this were the case, this attack would pose a serious problem: since the DLLs use code obfuscation and are likely to change very rapidly between campaigns, focusing on these DLLs would be a vicious 
trap.&#8221;<\/p>\n<p>To catch the malware, Lelli says, Microsoft and other vendors have had to rely on their heuristic detection tools. In particular, AV tools need to closely monitor the use of WMIC command-line code and apply rules when DLL files are loaded &#8211; such as checking the age of a file and flagging or blocking newly-created DLLs from running. When you know what you are looking for, Lelli explains, fileless malware isn&#8217;t particularly hard for newer security tools to catch.<\/p>\n<p>&#8220;Being invisible may help you for some things, but you should not be under the illusion that you are invincible. The same applies to fileless malware: abusing fileless techniques does not put malware beyond the reach or visibility of security software,&#8221; the Redmond security bod writes.<\/p>\n<p>&#8220;On the contrary, some of the fileless techniques may be so unusual and anomalous that they draw immediate attention to the malware, in the same way that a bag of money moving by itself would.&#8221; \u00ae<\/p>\n<p>READ MORE <a href=\"http:\/\/go.theregister.com\/feed\/www.theregister.co.uk\/2019\/07\/08\/microsoft_astaroth_examination\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>DLL or no DLL? 
Microsoft has lifted the lid on the inner-workings of a particularly nasty piece of fileless malware that aims to pilfer user data without needing to install software on the victim&#8217;s machine.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":27718,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-27717","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Meet the Great Duke of... DLL: Microsoft shines light on Astaroth, a devilishly sneaky strain of fileless malware 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Meet the Great Duke of... DLL: Microsoft shines light on Astaroth, a devilishly sneaky strain of fileless malware 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-07-08T21:38:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/07\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"174\" \/>\n\t<meta property=\"og:image:height\" content=\"115\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Meet the Great Duke of&#8230; DLL: Microsoft shines light on Astaroth, a devilishly sneaky strain of fileless malware\",\"datePublished\":\"2019-07-08T21:38:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\\\/\"},\"wordCount\":561,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware.jpg\",\"articleSection\":[\"The 
Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\\\/\",\"name\":\"Meet the Great Duke of... DLL: Microsoft shines light on Astaroth, a devilishly sneaky strain of fileless malware 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware.jpg\",\"datePublished\":\"2019-07-08T21:38:11+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware.jpg\",\"width\":174,\"height\":115},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Meet the Great Duke of&#8230; DLL: Microsoft shines light on Astaroth, a devilishly sneaky strain of fileless malware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence 
\u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"nam
e\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Meet the Great Duke of... DLL: Microsoft shines light on Astaroth, a devilishly sneaky strain of fileless malware 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\/","og_locale":"en_US","og_type":"article","og_title":"Meet the Great Duke of... DLL: Microsoft shines light on Astaroth, a devilishly sneaky strain of fileless malware 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-07-08T21:38:11+00:00","og_image":[{"width":174,"height":115,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/07\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Meet the Great Duke of&#8230; DLL: Microsoft shines light on Astaroth, a devilishly sneaky strain of fileless 
malware","datePublished":"2019-07-08T21:38:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\/"},"wordCount":561,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/07\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\/","url":"https:\/\/www.threatshub.org\/blog\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\/","name":"Meet the Great Duke of... 
DLL: Microsoft shines light on Astaroth, a devilishly sneaky strain of fileless malware 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/07\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware.jpg","datePublished":"2019-07-08T21:38:11+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/07\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/07\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware.jpg","width":174,"height":115},{"@type"
:"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/meet-the-great-duke-of-dll-microsoft-shines-light-on-astaroth-a-devilishly-sneaky-strain-of-fileless-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Meet the Great Duke of&#8230; DLL: Microsoft shines light on Astaroth, a devilishly sneaky strain of fileless malware"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/27717","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=27717"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/27717\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/27718"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=27717"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=27717"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=27717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}