top of page

Brazil malspam pushes Astaroth (Guildma) malware

Today's diary is a quick post of an Astaroth (Guildma) malware infection SANS generated on Friday 2022-08-19 from a malicious Boleto-themed email pretending to be from Grupo Solução & CIA. Boleto is a payment method used in Brazil, while Grupo Solução & CIA is Brazil-based company.

MALWARE FAMILIES: Astaroth, Guildma

ATT&CK IDS: T1566 - Phishing, T1547 - Boot or Logon Autostart Execution, T1204.002 - Malicious File, T1059.001 - PowerShell, T1434 - App Delivered via Email Attachment, T1547.009 - Shortcut Modification, T1002 - Data Compressed, TA0011 - Command and Control, T1059.007 - JavaScript, T1218 - Signed Binary Proxy Execution, T1204.001 - Malicious Link

Read More:



Commenting has been turned off.
bottom of page