mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
commit
795ee95a27
1 changed files with 8 additions and 3 deletions
|
@ -3480,9 +3480,14 @@
|
|||
"description": "The campaign spreads via phishing emails posing as invoices, tax reports, invitations and similar types of messages containing a ZIP archive attachment with a malicious LNK file. When a user opens the malicious LNK file, it abuses the Windows Management Instrumentation Command-line tool and silently downloads a malicious XSL file. The XSL file downloads all of Guildma’s modules and executes a first stage loader, which loads the rest of the modules. The malware is then active and waits for commands from the C&C server and/or specific user interactions, such as opening a webpage of one of the targeted banks.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.securityweek.com/guildma-malware-expands-targets-beyond-brazil"
|
||||
"https://www.securityweek.com/guildma-malware-expands-targets-beyond-brazil",
|
||||
"https://www.securityweek.com/extensive-living-land-hides-stealthy-malware-campaign",
|
||||
"https://isc.sans.edu/diary/rss/28962",
|
||||
"https://otx.alienvault.com/pulse/6303804723bccc7e3caad737?utm_userid=alexandre.dulaunoy@circl.lu&utm_medium=InProduct&utm_source=OTX&utm_content=Email&utm_campaign=new_pulse_from_subscribed"
|
||||
],
|
||||
"synonyms": []
|
||||
"synonyms": [
|
||||
"Astaroth"
|
||||
]
|
||||
},
|
||||
"uuid": "833ed94d-97c1-4b57-9634-c27bf42eb867",
|
||||
"value": "Guildma"
|
||||
|
@ -3531,5 +3536,5 @@
|
|||
"value": "Ragnatela"
|
||||
}
|
||||
],
|
||||
"version": 38
|
||||
"version": 39
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue