2023-01-04 (WEDNESDAY) - ASTAROTH (GUILDMA) MALWARE INFECTIONS

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

REFERENCE:

• SANS Internet Storm Center (ISC) diary: More Brazil malspam pushing Astaroth (Guildma) in January 2023

 

NOTES:

• By the time I ran infection traffic from these malware samples, the next day had started in UTC time.

• In the first pcap, I let the infected host run overnight, then I opened banco.bradesco the website in a web browser, so that particular traffic was not caused by the malware.

 

FILES FROM 2023-01-03 INFECTION:

• 2023-01-04-part-1-IOCs-for-Astaroth-Guildma-infection-on-01-03.txt.zip   2.9 kB   (2,868 bytes)
• 2023-01-04-part-1-Astaroth-Guildma-malspam-2-examples-from-01-03.zip   5.8 kB   (5,780 bytes)
• 2023-01-04-part-1-malware-and-artifacts-from-Astaroth-Guildma-infection-on-01-03.zip   8.0 MB   (8,004,034 bytes)
• 2023-01-04-part-1-Astaroth-Guildma-infection-traffic-on-01-03.pcap.zip   13.7 MB   (13,722,066 bytes)

 

FILES FROM 2023-01-04 INFECTION:

• 2023-01-04-part-2-IOCs-for-Astaroth-Guildma-infection-on-01-04.txt.zip   3.0 kB   (2,991 bytes)
• 2023-01-04-part-2-Astaroth-Guildma-malspam-2-examples-from-01-04.zip   5.2 kB   (5,176 bytes)
• 2023-01-04-part-2-malware-and-artifacts-from-Astaroth-Guildma-infection-on-01-04.zip   7.9 MB   (7,859,332 bytes)
• 2023-01-04-part-2-Astaroth-Guildma-infection-traffic-from-01-04.pcap.zip   9.6 MB   (9,645,147 bytes)

 

Click here to return to the main page.