Merge pull request #758 from Delta-Sierra/main

update Guildma
This commit is contained in:
Alexandre Dulaunoy 2022-08-24 16:21:00 +02:00 committed by GitHub
commit 795ee95a27
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -3480,9 +3480,14 @@
"description": "The campaign spreads via phishing emails posing as invoices, tax reports, invitations and similar types of messages containing a ZIP archive attachment with a malicious LNK file. When a user opens the malicious LNK file, it abuses the Windows Management Instrumentation Command-line tool and silently downloads a malicious XSL file. The XSL file downloads all of Guildmas modules and executes a first stage loader, which loads the rest of the modules. The malware is then active and waits for commands from the C&C server and/or specific user interactions, such as opening a webpage of one of the targeted banks.", "description": "The campaign spreads via phishing emails posing as invoices, tax reports, invitations and similar types of messages containing a ZIP archive attachment with a malicious LNK file. When a user opens the malicious LNK file, it abuses the Windows Management Instrumentation Command-line tool and silently downloads a malicious XSL file. The XSL file downloads all of Guildmas modules and executes a first stage loader, which loads the rest of the modules. The malware is then active and waits for commands from the C&C server and/or specific user interactions, such as opening a webpage of one of the targeted banks.",
"meta": { "meta": {
"refs": [ "refs": [
"https://www.securityweek.com/guildma-malware-expands-targets-beyond-brazil" "https://www.securityweek.com/guildma-malware-expands-targets-beyond-brazil",
"https://www.securityweek.com/extensive-living-land-hides-stealthy-malware-campaign",
"https://isc.sans.edu/diary/rss/28962",
"https://otx.alienvault.com/pulse/6303804723bccc7e3caad737?utm_userid=alexandre.dulaunoy@circl.lu&utm_medium=InProduct&utm_source=OTX&utm_content=Email&utm_campaign=new_pulse_from_subscribed"
], ],
"synonyms": [] "synonyms": [
"Astaroth"
]
}, },
"uuid": "833ed94d-97c1-4b57-9634-c27bf42eb867", "uuid": "833ed94d-97c1-4b57-9634-c27bf42eb867",
"value": "Guildma" "value": "Guildma"
@ -3531,5 +3536,5 @@
"value": "Ragnatela" "value": "Ragnatela"
} }
], ],
"version": 38 "version": 39
} }