# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://cofense.com/seeing-resurgence-demonic-astaroth-wmic-trojan/

ta4dcmj.proxy6x-server.website

# Reference: https://twitter.com/cyber__sloth/status/1200366623615594497

campanhacomercialvendas.info

# Reference: https://blog.talosintelligence.com/2020/05/astaroth-analysis.html
# Reference: https://otx.alienvault.com/pulse/5eb9776da9f82b6e9a5d1036

32lpn3ft7eph05.com.de
4nk7h3s453b019.com.de
909nu3dx3rgk13.com.de
9f3rr2tzu2zm14.com.de
a4haub65wwq002.com.de
bantqr8rrm9c11.com.de
centrofinanceirosa.com.de
cg29lhgyrqen08.com.de
f6zn4bt4525p04.com.de
fd85jg5cetko03.com.de
liderfinancesa.com.de
lkjq5t5bqtol06.com.de
prosistemfinancesa.com.de
rwmaz1ewk6lk18.com.de
seusistemafinanceirosa.com.de
sfinanceirosa.com.de
sfinances.com.de
sistemafinanceirosa.com.de
sistemcredita.com.de
tecnofinancesa.com.de
u9gq2b6u4iah07.com.de
wke9c2ebsdoe15.com.de
021oiyzis.ml
1f5tunhpi.ml
6zs1njbw.ml
7ymboe33m.cf
7zip.golf
81rc4uw1b4roh99dmn.cf
84m4bl423.space
88zpv47nuh09wq7.ml
896pc6x93.gq
a01mt584zk32sw1.ml
accountinformation.buzz
accountt.download
adollfhitler.app
amandafix.space
amandafix.tech
anexo.monster
anitagaribaldi.app
asth.app
baixinho11.cf
batigol.ga
bffr.space
bghyh.cf
bifrostsr8.app
billgates.app
blogchief.tk
bnghjh.ml
brigaderua.ml
bubbaoff.press
bvgtt5.gq
bvijuoi.ml
c3v4b5n6m7j89i.tk
carnegiemonster.app
cbryt.buzz
cmfot.ml
compradigital.tech
coppernote.tech
coragem.cf
costelinha.tk
deliciousprime.cf
dougfunnie.cf
driverss.tk
edmondhalley.app
enrols.ga
ertr.space
evokgtis.gq
fanaticallao.site
fatalerror.cf
fatura.tech
fenomeno.gq
fheyo.ga
fheyo.ml
fhff.space
financeiroltda.golf
fiscal.monster
g4cpq4xcz.ml
gautamabuddhaa.app
gdfcd.cf
gerenteempresarial.voyage
gestaodenegocios.monster
gfhh.space
gkz9877oj.gq
grvyj.ml
gtasanandres.tk
henryford.app
hidrosolar.space
hko1yucr.ga
hmf8qij2.gq
hyhfv.ml
iurigagarin.app
jardimboty.com
jghkju.ml
jgttg.cf
jpz9w9yw7.ga
juisama5.tk
k8cf0j5u.cf
kaligodfrey.casa
karlmarxx.app
kixmgxjxz.ga
ktms13gb.ga
kwamenkrumah.app
ljkmaa.ga
louispasteur.app
megaurbia.space
mnjkol.gq
monalisapicture.app
movcr.ml
ms78.online
ms78.site
namokwow.gq
naovemdegarfonasopa.app
natfgt.gq
newriderbrs.ml
newriderbrs.tk
nfiru.buzz
nfiru.monster
nfiru.site
nfiru.website
nfiru.xyz
nghny.tk
nhgj.ml
nyjur.tk
nz5heahrw4dchm4wgp.ml
objectstream.ga
oktrabalhox021.ml
operacional2019.services
osieofcorizon.fun
p6nkq.ga
p6nkq.ml
p6nkq.tk
pitagoras.app
plussizeafter.gq
proevolution.ml
projetovigoroustein.host
r4uamrr7fueez.cf
r4uamrr7fueez.ga
salko.gq
salvadorddalii.app
seuamor.online
seuamor.xyz
simmonitor.gq
solfrio.tech
stevejobsiphone.app
systemadminister.institute
theitchjasmine.online
therockefeller.app
tipvine.site
topglassfull.tk
uiofcikttzxnz.ml
vandisillusioned.casa
vanexchange.online
vannisteroy.cf
vc0038oti94ikr954.ml
vcsczxsa.ga
vdfrt.ml
velhocego.app
vengefulsama.site
venumxmasz.club
vfevg.tk
vgfcn.ml
vitalicious.tk
wb60ycll.ml
winningeleven3.re
xczsrg.cf
xjpmorganx.app
xsarb.cf
xsbuqy.tk
xsvgcf.cf
xwcrfcv.ga
xxapocalipsexx.space
xyzsystemads.cf
yi7qlaice.cf
zasdfer.ga
zasdfer.gq
zmalkd.tk

# Reference: https://github.com/pan-unit42/tweets/blob/master/2020-12-02-Astaroth-IOCs.txt
# Reference: https://www.virustotal.com/gui/file/f0ba0bd9560279cf07a022b10a3cc323d07dd9195ea4ab6ceab4ce409830dbed/detection

t3oomr.piajq6b3uptu.be
wra60.aojjse1r7bwl.re

# Reference: https://twitter.com/johnk3r/status/1488926962554970113

barazaylu.shop
belegtuike.shop
frindaba.shop
glugiudo.us
usmarob.us
1sjeb8aou9h.glugiudo.us
20fht4you39.barazaylu.shop
2gkc8siuush.barazaylu.shop
47kvma3aer.glugiudo.us
48gzhb3art.belegtuike.shop
4opw7lvia8w.glugiudo.us
50dhkr4eesu.glugiudo.us
61fjbauaazh.glugiudo.us
72sfy8uou4g.barazaylu.shop
7fxgma3ata.frindaba.shop
7se1sjdii89.frindaba.shop
7uir59hai89.barazaylu.shop
8650jrvaeuw.usmarob.us
871sgjyaeay.usmarob.us
975dgecaear.usmarob.us
9hxgca3aer.barazaylu.shop
a3960dhou4m.usmarob.us
a91dkrneesu.glugiudo.us
a965fhtaapo.frindaba.shop
aitq9hxai89.barazaylu.shop
cnmiu16iodk.glugiudo.us
ddcrtwwa39.belegtuike.shop
dgkrnysou5j.belegtuike.shop
dkvfna3aet.frindaba.shop
ert821goun9.barazaylu.shop
ewet360ooya.belegtuike.shop
ey8uiraionj.frindaba.shop
fjynuaraa9k.usmarob.us
gen8araaixm.frindaba.shop
gjen7aiua9h.belegtuike.shop
gznbta3art.glugiudo.us
hwtbypoua7l.usmarob.us
ir5sxdkia8w.frindaba.shop
iue1sjvii89.belegtuike.shop
kvfmta3ata.barazaylu.shop
lcerweearv.belegtuike.shop
mpq6lh3aet.frindaba.shop
n8poq48ouhb.glugiudo.us
nbertwea87.belegtuike.shop
py27kvfia89.barazaylu.shop
rt3821gooyb.usmarob.us
rta861siorb.glugiudo.us
rvyoyw2iivm.frindaba.shop
sfwt4yoiiw7.usmarob.us
t392dgkua7s.frindaba.shop
t4yotw3iibg.usmarob.us
t895fhwuayo.glugiudo.us
v7ai19huab9.belegtuike.shop
wa960hkuu4i.usmarob.us
wea321iorc.belegtuike.shop
wea3650iorv.barazaylu.shop
weera8eefh.frindaba.shop
weret8aasf.glugiudo.us
werwrtaa1d.usmarob.us
werwrtaa1f.frindaba.shop
wet871dooyn.barazaylu.shop
wewea3aedg.belegtuike.shop
wewetaaasf.barazaylu.shop
wweea8ae0f.usmarob.us
wwer37eegk.belegtuike.shop

# Generic trails

/Seu7v130a.xsl
