McAfee announced their findings on a fileless malware package called CactusTorch. This malware package uses .NET assemblies to execute their attack. CactusTorch, for instance, uses the DotNetToJScript technique and writes nothing to disk for anti-virus scanners to find. Compiling the DotNetToJScript tool on the victim’s system produces a .NET executable called DotNetToJScript.exe.
Keep applications and operating systems running at the current released patch level
Ensure anti-virus software and associated files are up to date
Verify, through a separate channel, the legitimacy of any unsolicited email attachments – delete without opening if you can’t validate
Search for existing signs of the indicated IOCs in your environment
Block all URL and IP based IoCs at the firewall, IDS, web gateways, routers or other perimeter-based devices
Indicators of compromise