#astaroth

j43147
2025-06-10

Call me by your name 🐍

2025-03-06 (Thursday): More #Astaroth (#Guildma) #malspam today.

URLs for the initial zip download:

hxxps[:]//51.190.202[.]64.host.secureserver[.]net/contrato/Relatorio_PDF_144247

hxxps[:]//222.20.205[.]92.host.secureserver[.]net/contrato/Autenticar_PDF_956644

Screenshot of phishing email 1 of 2. Screenshot of phishing email 2 of 2.

2025-03-05 (Wednesday): #Astaroth ( #Guildma ) distributed through Brazil #malspam

As usual, I didn't get a full infection chain, but I did get the initial zip archive from that link in the email.

Details at github.com/malware-traffic/ind

Screenshot from the DocuSign-themed Portuguese language (Brazil) email, showing the link to download malware. Web browser showing download of zip archive from link in the email. Also shows the zip archive content, a Windows shortcut. Details of the Windows shortcut extracted from the downloaded zip archive. The target is a command string using cmd.exe to run obfuscated code that results in a URL for further malware.

D3Lab
2024-12-27

📢 Campaigns - Week 52 🚨

☣️👻💣☠️
: Order
: Fake OpenAI
: Invoice
: Invoice
: Booking

2024-10-17

💡 Did you know that the Astaroth malware can completely bypass traditional security by using obfuscated JavaScript and exploiting trusted Windows tools? 🛡️

⚠️ Cybersecurity tip: Always be cautious when opening emails with ZIP attachments, especially if they claim to be from trusted sources like tax authorities. Phishing attacks are evolving fast!

What measures do you take to protect against phishing and fileless malware?

Read more about how the Water Makara group targets Brazil’s enterprises with Astaroth:
guardiansofcyber.com/threats-v

#Cybersecurity #GuardiansOfCyber #Guardians #Phishing #Malware #Astaroth #ObfuscatedJavaScript #DataSecurity #CVE #ThreatDetection #WaterMakara

Anonymous 🐈️🐾☕🍵🏴🇵🇸 :af: youranonriots@kolektiva.social
2024-10-16

🛑 A new spear-phishing campaign in #Brazil is using a clever trick to bypass security guardrails and deliver the dangerous #Astaroth #malware.

thehackernews.com/2024/10/asta

#cybersecurity #hacking

D3Lab
2024-03-01

Campaigns Week 09
🔥☠️💣👻

: Orders
: Booking
: APK Bank
: APK Bank
: Bank transfer
: Resend
: Invoice

D3Lab
2024-02-23

Campaigns Week 08

🔥☠️💣👻
: Order
: Bank transfer
: APK Bank
: Resend
: Quote
: List
: Invoice
: Invoice
: GLS held parcel

b4n1shed
2024-02-20

Just published our latest research into a series of ongoing malware campaigns abusing Google Cloud Run to distribute the & banking trojans, primarily across LATAM.

Check it out!

blog.talosintelligence.com/goo

D3Lab
2024-02-16

Campaigns Week 07

🔥👻💣☠️
: Order
: Quotation
: Resend
: Invoice
/ : APK Bank
: Sharing
: GLS held-parcel notice
: Order
: Agenzia Entrate

D3Lab
2024-02-02

Campaigns Week 05
💣☠️🔥👻

: Order
: GLS/DHL held-parcel notice
: Document
: Apk Bank
: Invoice
: Credit

D3Lab
2024-01-26

Campaigns Week 04
💣☠️🔥👻
: Price
: Estimate
: Invoice
: Resend HTML
: Apk

D3Lab
2024-01-19

Campaigns Week 03
💣☠️🔥👻
: Order
: Invoice
: Banking token APK
: Reminder

D3Lab
2024-01-12

Campaigns Week 02

🔥☠️💣☠️
: Order
: Debt collection
: Banking token APK
: Payment
: Invoice

Sollyz Sundyz 🔞 sollyzsundyz@mstdn.in.th
2023-09-05

🜏 satans_fluffer 🜏 satans_fluffer@mastodon.art
2023-09-03

Another Astaroth is always needed. I definitely want to draw more leopard print now. #astaroth #demon #goetia #transart #queerart

Astaroth poses with his sword. He is hairy and has top surgery scars. He is wearing leather gear and a crown.

🜏 satans_fluffer 🜏 satans_fluffer@mastodon.art
2023-08-09

Look at the shiny, perhaps even be compelled by it. #queerart #transart #astaroth #satanism

🜏 satans_fluffer 🜏 satans_fluffer@mastodon.art
2023-08-09
