Today's diary is a quick post about an Astaroth (Guildma) malware infection that SANS generated on Friday 2022-08-19 from a malicious Boleto-themed email pretending to be from Grupo Solução & CIA. Boleto is a payment method used in Brazil, while Grupo Solução & CIA is a Brazil-based company.
REFERENCE: https://isc.sans.edu/diary/rss/28962
MALWARE FAMILIES: Astaroth, Guildma
ATT&CK IDS: T1566 - Phishing, T1547 - Boot or Logon Autostart Execution, T1204.002 - Malicious File, T1059.001 - PowerShell, T1434 - App Delivered via Email Attachment, T1547.009 - Shortcut Modification, T1002 - Data Compressed, TA0011 - Command and Control, T1059.007 - JavaScript, T1218 - Signed Binary Proxy Execution, T1204.001 - Malicious Link