2022-01-17 (MONDAY) - ASTAROTH (GUILDMA) ACTIVITY

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

REFERENCE:

• https://twitter.com/Unit42_Intel/status/1483960736502136832

ASSOCIATED FILES:

• 2022-01-17-Astaroth-Guildma-malspam-1927-UTC.eml.zip   2.5 kB   (2,477 bytes)
• 2022-01-17-IOCs-for-Astaroth-Guildma-infection.txt.zip   3.1 kB   (3,125 bytes)
• 2022-01-17-Astaroth-Guildma-images-from-infected-host.zip   2.7 MB   (2,725,661 bytes)
• 2022-01-17-Astaroth-Guildma-initial-infection-web-traffic-only.pcap.zip   8.7 MB   (8,720,838 bytes)
• 2022-01-17-Astaroth-Guildma-malware-and-artifacts.zip   8.9 MB   (8,911,887 bytes)
• 2022-01-17-Astaroth-Guildma-traffic-after-reboot-and-manually-viewing-banco.bradesco.pcap.zip   897 kB   (896,646 bytes)

NOTES:

• The email is from Monday 2022-01-17, but my lab infection happened later that evening after 00:00 UTC on Tuesday 2022-01-18.

 

Click here to return to the main page.