MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

update Guildma

pull/758/head
Delta-Sierra 2022-08-24 14:07:01 +02:00
parent b0ffb843b0
commit cb422c2190
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
clusters/rat.json
View File

@ -3480,9 +3480,12 @@
"description": "The campaign spreads via phishing emails posing as invoices, tax reports, invitations and similar types of messages containing a ZIP archive attachment with a malicious LNK file. When a user opens the malicious LNK file, it abuses the Windows Management Instrumentation Command-line tool and silently downloads a malicious XSL file. The XSL file downloads all of Guildmas modules and executes a first stage loader, which loads the rest of the modules. The malware is then active and waits for commands from the C&C server and/or specific user interactions, such as opening a webpage of one of the targeted banks.",
"meta": {
"refs": [
"https://www.securityweek.com/guildma-malware-expands-targets-beyond-brazil"
"https://www.securityweek.com/guildma-malware-expands-targets-beyond-brazil",
"https://www.securityweek.com/extensive-living-land-hides-stealthy-malware-campaign",
"https://isc.sans.edu/diary/rss/28962",
"https://otx.alienvault.com/pulse/6303804723bccc7e3caad737?utm_userid=alexandre.dulaunoy@circl.lu&utm_medium=InProduct&utm_source=OTX&utm_content=Email&utm_campaign=new_pulse_from_subscribed"
],
"synonyms": []
"synonyms": ["Astaroth"]
},
"uuid": "833ed94d-97c1-4b57-9634-c27bf42eb867",
"value": "Guildma"
@ -3531,5 +3534,5 @@
"value": "Ragnatela"
}
],
"version": 38
"version": 39
}