2023-01-03 (TUESDAY) AND 01-04 (WEDNESDAY) - ASTAROTH (GUILDMA) MALWARE INFECTIONS
- SANS Internet Storm Center (ISC) diary: More Brazil malspam pushing Astaroth (Guildma) in January 2023
- Zip files are password-protected. If you don't know the password, see the "about" page of this website.
- By the time I ran infection traffic from these malware samples, the next day had started in UTC time.
- In the first pcap, I let the infected host run overnight, then I opened the banco.bradesco website in a web browser, so that particular traffic was not caused by the malware.
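Because the first pcap mixes analyst-generated traffic (the banco.bradesco visit noted above) with the Astaroth/Guildma traffic, a quick way to separate the two is to list the DNS query names in the capture and set aside anything under the domain the analyst browsed. The script below is an added example, not code from malware-traffic-analysis.net or from the SANS ISC diary: it parses a classic little-endian Ethernet pcap with only the Python standard library, counts DNS query names, and splits them by an analyst-supplied domain list. The pcap it runs on is constructed inline from hand-built frames (banco.bradesco from the notes plus example.net as a stand-in for any other queried name); real captures should be passed as the `pcap_bytes` argument instead.

```python
"""Added example (not from the malware-traffic-analysis.net page): list DNS
query names in a pcap so analyst-generated traffic (the banco.bradesco visit
the notes mention) can be separated from the malware traffic.
Pure standard library; the sample pcap bytes are constructed inline."""
import struct
from collections import Counter

# classic pcap global header: magic, v2.4, tz 0, sigfigs 0, snaplen, linktype 1 (Ethernet)
PCAP_GLOBAL_HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)


def dns_query_name(payload):
    """Decode the first question name of a DNS message; None if not a query."""
    if len(payload) < 12:
        return None
    flags = struct.unpack("!H", payload[2:4])[0]
    if flags & 0x8000:  # QR bit set: this is a response, skip it
        return None
    labels, i = [], 12
    while i < len(payload):
        n = payload[i]
        if n == 0:
            break
        if n & 0xC0:  # compression pointer is not valid in a question name
            return None
        labels.append(payload[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return ".".join(labels).lower() if labels else None


def iter_frames(pcap_bytes):
    """Yield raw frame bytes from a little-endian classic pcap."""
    if struct.unpack("<I", pcap_bytes[:4])[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled here")
    off = 24
    while off + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack("<IIII", pcap_bytes[off:off + 16])
        off += 16
        yield pcap_bytes[off:off + incl_len]
        off += incl_len


def dns_names(pcap_bytes):
    """Count DNS query names seen in Ethernet/IPv4/UDP frames sent to port 53."""
    counts = Counter()
    for frame in iter_frames(pcap_bytes):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # not IPv4
            continue
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 17:  # IP protocol field: 17 = UDP
            continue
        udp = frame[14 + ihl:]
        if len(udp) < 8 or struct.unpack("!H", udp[2:4])[0] != 53:
            continue
        name = dns_query_name(udp[8:])
        if name:
            counts[name] += 1
    return counts


def split_by_domain(counts, analyst_domains):
    """Return (analyst-visited names, everything else) as two Counters."""
    analyst, other = Counter(), Counter()
    for name, n in counts.items():
        if any(name == d or name.endswith("." + d) for d in analyst_domains):
            analyst[name] += n
        else:
            other[name] += n
    return analyst, other


def build_dns_query_frame(qname):
    """Construct a minimal Ethernet/IPv4/UDP DNS A-query frame (test data only)."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + q + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", 49152, 53, 8 + len(dns), 0) + dns  # checksum 0 = none
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([10, 1, 4, 101]), bytes([10, 1, 4, 1])) + udp
    return bytes(12) + b"\x08\x00" + ip  # zeroed MACs, EtherType IPv4


def build_pcap(frames):
    """Wrap frames in pcap record headers (constructed timestamps)."""
    return PCAP_GLOBAL_HDR + b"".join(
        struct.pack("<IIII", 1672790400 + i, 0, len(f), len(f)) + f
        for i, f in enumerate(frames))


# constructed sample: two analyst queries for banco.bradesco, one other name
SAMPLE_PCAP = build_pcap([build_dns_query_frame("banco.bradesco"),
                          build_dns_query_frame("example.net"),
                          build_dns_query_frame("banco.bradesco")])

if __name__ == "__main__":
    analyst, other = split_by_domain(dns_names(SAMPLE_PCAP), ["banco.bradesco"])
    print("analyst-generated:", dict(analyst))
    print("remaining names:", dict(other))
```

On a real capture, feed the file contents to `dns_names()` and pass the remaining names to your IOC review; the analyst list holds only the domain from the notes, so anything else the browser resolved while loading that site (CDNs, tag managers) still lands in the "other" bucket and has to be judged by timestamp against the overnight infection traffic.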
FILES FROM 2023-01-03 INFECTION:
- 2023-01-03-IOCs-for-Astaroth-Guildma-infection.txt.zip 2.8 kB (2,836 bytes)
- 2023-01-03-Astaroth-Guildma-malspam-2-examples.zip 5.3 kB (5,262 bytes)
- 2023-01-03-malware-and-artifacts-from-Astaroth-Guildma-infection.zip 8.0 MB (8,001,152 bytes)
- 2023-01-04-Astaroth-Guildma-infection-traffic.pcap.zip 13.7 MB (13,722,034 bytes)
FILES FROM 2023-01-04 INFECTION:
- 2023-01-04-IOCs-for-Astaroth-Guildma-infection.txt.zip 3.0 kB (2,959 bytes)
- 2023-01-04-Astaroth-Guildma-malspam-2-examples.zip 4.7 kB (4,658 bytes)
- 2023-01-04-malware-and-artifacts-from-Astaroth-Guildma-infection.zip 7.9 MB (7,856,612 bytes)
- 2023-01-05-Astaroth-Guildma-infection-traffic.pcap.zip 9.6 MB (9,645,111 bytes)