2021-04-12 (MONDAY) - GUILDMA (ASTAROTH) FROM BRAZIL-BASED MALSPAM

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2021-04-12-IOCs-from-Guildma-infection.txt.zip   4.0 kB   (3,950 bytes)
• 2021-04-12-Guildma-malspam-4-examples.zip   14.1 kB   (14,102 bytes)
• 2021-04-12-Guildma-infection-traffic.pcap.zip   8.5 MB   (8,544,600 bytes)
• 2021-04-12-malware-and-artifacts-from-Guildma-infection.zip   3.5 MB   (3,505,971 bytes)

 

IMAGES

Shown above:  Screenshot of the malicious email.

 

Shown above:  Clicking the link offered a ZIP archive for download and redirected to Google.

 

Shown above:  Downloaded ZIP archive and extracted Windows shortcut.

 

Shown above:  Some of the malware/artifacts from today's Guildma infection.

 

Click here to return to the main page.