Updated 2023-12-11-IOCs-for-Astaroth-Guildma-activity.txt
brad-duncan authored Dec 12, 2023
1 parent e0075e3 commit d331950
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion 2023-12-11-IOCs-for-Astaroth-Guildma-activity.txt
@@ -1,5 +1,10 @@
2023-12-11 (MONDAY): INFECTION FROM BRAZIL PORTUGUESE MALSPAM (ASTAROTH/GUILDMA)

REFERENCES:

- https://www.linkedin.com/posts/unit42_malspam-guildma-astaroth-activity-7140451772770205696-t2d6/
- https://twitter.com/Unit42_Intel/status/1734686148289777666

NOTES:

- This infection method has previously delivered malware called "Astaroth" or "Guildma."
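Review bot: the two REFERENCES entries added at the top of this hunk are bare URLs to a LinkedIn post and a tweet with no title or description, and both can be removed at any time; consider adding a short note after each link saying what it documents (for example, the malspam sample or the traffic capture) so the reference stays useful if the link goes dead. Minor style point on the unchanged header line: "BRAZIL PORTUGUESE MALSPAM" reads better as "BRAZILIAN PORTUGUESE MALSPAM".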
@@ -107,4 +112,4 @@ RUNNING THE WINDOWS SHORTCUT:

POST-INFECTION C2 TRAFFIC:

- TCP port 27156 - 1.tcp.sa.ngrok[.]io - TCP traffic
- TCP port 27156 - 1.tcp.sa.ngrok[.]io - TCP traffic
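Review bot: the deleted line and the added line under POST-INFECTION C2 TRAFFIC render identically here ("TCP port 27156 - 1.tcp.sa.ngrok[.]io - TCP traffic"), so the actual correction is not visible in this view and is most likely whitespace or a single character; the commit message "Updated ..." does not say what changed, and a one-line description of the fix would help anyone auditing this IOC list later. Also worth a note in the file itself: 1.tcp.sa.ngrok[.]io is a shared ngrok tunnel endpoint, so the hostname and port alone are a weak indicator and should be used together with the other indicators in this file rather than blocked or alerted on in isolation.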
