# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: guildma

# Reference: https://cofense.com/seeing-resurgence-demonic-astaroth-wmic-trojan/

ta4dcmj.proxy6x-server.website

# Reference: https://twitter.com/cyber__sloth/status/1200366623615594497

campanhacomercialvendas.info

# Reference: https://blog.talosintelligence.com/2020/05/astaroth-analysis.html
# Reference: https://otx.alienvault.com/pulse/5eb9776da9f82b6e9a5d1036

32lpn3ft7eph05.com.de
4nk7h3s453b019.com.de
909nu3dx3rgk13.com.de
9f3rr2tzu2zm14.com.de
a4haub65wwq002.com.de
bantqr8rrm9c11.com.de
centrofinanceirosa.com.de
cg29lhgyrqen08.com.de
f6zn4bt4525p04.com.de
fd85jg5cetko03.com.de
liderfinancesa.com.de
lkjq5t5bqtol06.com.de
prosistemfinancesa.com.de
rwmaz1ewk6lk18.com.de
seusistemafinanceirosa.com.de
sfinanceirosa.com.de
sfinances.com.de
sistemafinanceirosa.com.de
sistemcredita.com.de
tecnofinancesa.com.de
u9gq2b6u4iah07.com.de
wke9c2ebsdoe15.com.de
021oiyzis.ml
1f5tunhpi.ml
6zs1njbw.ml
7ymboe33m.cf
7zip.golf
81rc4uw1b4roh99dmn.cf
84m4bl423.space
88zpv47nuh09wq7.ml
896pc6x93.gq
a01mt584zk32sw1.ml
accountinformation.buzz
accountt.download
adollfhitler.app
amandafix.space
amandafix.tech
anexo.monster
anitagaribaldi.app
asth.app
baixinho11.cf
batigol.ga
bffr.space
bghyh.cf
bifrostsr8.app
billgates.app
blogchief.tk
bnghjh.ml
brigaderua.ml
bubbaoff.press
bvgtt5.gq
bvijuoi.ml
c3v4b5n6m7j89i.tk
carnegiemonster.app
cbryt.buzz
cmfot.ml
compradigital.tech
coppernote.tech
coragem.cf
costelinha.tk
deliciousprime.cf
dougfunnie.cf
driverss.tk
edmondhalley.app
enrols.ga
ertr.space
evokgtis.gq
fanaticallao.site
fatalerror.cf
fatura.tech
fenomeno.gq
fheyo.ga
fheyo.ml
fhff.space
financeiroltda.golf
fiscal.monster
g4cpq4xcz.ml
gautamabuddhaa.app
gdfcd.cf
gerenteempresarial.voyage
gestaodenegocios.monster
gfhh.space
gkz9877oj.gq
grvyj.ml
gtasanandres.tk
henryford.app
hidrosolar.space
hko1yucr.ga
hmf8qij2.gq
hyhfv.ml
iurigagarin.app
jardimboty.com
jghkju.ml
jgttg.cf
jpz9w9yw7.ga
juisama5.tk
k8cf0j5u.cf
kaligodfrey.casa
karlmarxx.app
kixmgxjxz.ga
ktms13gb.ga
kwamenkrumah.app
ljkmaa.ga
louispasteur.app
megaurbia.space
mnjkol.gq
monalisapicture.app
movcr.ml
ms78.online
ms78.site
namokwow.gq
naovemdegarfonasopa.app
natfgt.gq
newriderbrs.ml
newriderbrs.tk
nfiru.buzz
nfiru.monster
nfiru.site
nfiru.website
nfiru.xyz
nghny.tk
nhgj.ml
nyjur.tk
nz5heahrw4dchm4wgp.ml
objectstream.ga
oktrabalhox021.ml
operacional2019.services
osieofcorizon.fun
p6nkq.ga
p6nkq.ml
p6nkq.tk
pitagoras.app
plussizeafter.gq
proevolution.ml
projetovigoroustein.host
r4uamrr7fueez.cf
r4uamrr7fueez.ga
salko.gq
salvadorddalii.app
seuamor.online
seuamor.xyz
simmonitor.gq
solfrio.tech
stevejobsiphone.app
systemadminister.institute
theitchjasmine.online
therockefeller.app
tipvine.site
topglassfull.tk
uiofcikttzxnz.ml
vandisillusioned.casa
vanexchange.online
vannisteroy.cf
vc0038oti94ikr954.ml
vcsczxsa.ga
vdfrt.ml
velhocego.app
vengefulsama.site
venumxmasz.club
vfevg.tk
vgfcn.ml
vitalicious.tk
wb60ycll.ml
winningeleven3.re
xczsrg.cf
xjpmorganx.app
xsarb.cf
xsbuqy.tk
xsvgcf.cf
xwcrfcv.ga
xxapocalipsexx.space
xyzsystemads.cf
yi7qlaice.cf
zasdfer.ga
zasdfer.gq
zmalkd.tk

# Reference: https://github.com/pan-unit42/tweets/blob/master/2020-12-02-Astaroth-IOCs.txt
# Reference: https://www.virustotal.com/gui/file/f0ba0bd9560279cf07a022b10a3cc323d07dd9195ea4ab6ceab4ce409830dbed/detection

t3oomr.piajq6b3uptu.be
wra60.aojjse1r7bwl.re

# Reference: https://twitter.com/johnk3r/status/1488926962554970113

barazaylu.shop
belegtuike.shop
frindaba.shop
glugiudo.us
usmarob.us
1sjeb8aou9h.glugiudo.us
20fht4you39.barazaylu.shop
2gkc8siuush.barazaylu.shop
47kvma3aer.glugiudo.us
48gzhb3art.belegtuike.shop
4opw7lvia8w.glugiudo.us
50dhkr4eesu.glugiudo.us
61fjbauaazh.glugiudo.us
72sfy8uou4g.barazaylu.shop
7fxgma3ata.frindaba.shop
7se1sjdii89.frindaba.shop
7uir59hai89.barazaylu.shop
8650jrvaeuw.usmarob.us
871sgjyaeay.usmarob.us
975dgecaear.usmarob.us
9hxgca3aer.barazaylu.shop
a3960dhou4m.usmarob.us
a91dkrneesu.glugiudo.us
a965fhtaapo.frindaba.shop
aitq9hxai89.barazaylu.shop
cnmiu16iodk.glugiudo.us
ddcrtwwa39.belegtuike.shop
dgkrnysou5j.belegtuike.shop
dkvfna3aet.frindaba.shop
ert821goun9.barazaylu.shop
ewet360ooya.belegtuike.shop
ey8uiraionj.frindaba.shop
fjynuaraa9k.usmarob.us
gen8araaixm.frindaba.shop
gjen7aiua9h.belegtuike.shop
gznbta3art.glugiudo.us
hwtbypoua7l.usmarob.us
ir5sxdkia8w.frindaba.shop
iue1sjvii89.belegtuike.shop
kvfmta3ata.barazaylu.shop
lcerweearv.belegtuike.shop
mpq6lh3aet.frindaba.shop
n8poq48ouhb.glugiudo.us
nbertwea87.belegtuike.shop
py27kvfia89.barazaylu.shop
rt3821gooyb.usmarob.us
rta861siorb.glugiudo.us
rvyoyw2iivm.frindaba.shop
sfwt4yoiiw7.usmarob.us
t392dgkua7s.frindaba.shop
t4yotw3iibg.usmarob.us
t895fhwuayo.glugiudo.us
v7ai19huab9.belegtuike.shop
wa960hkuu4i.usmarob.us
wea321iorc.belegtuike.shop
wea3650iorv.barazaylu.shop
weera8eefh.frindaba.shop
weret8aasf.glugiudo.us
werwrtaa1d.usmarob.us
werwrtaa1f.frindaba.shop
wet871dooyn.barazaylu.shop
wewea3aedg.belegtuike.shop
wewetaaasf.barazaylu.shop
wweea8ae0f.usmarob.us
wwer37eegk.belegtuike.shop

# Reference: https://twitter.com/johnk3r/status/1518978277909671937

heirresoares.sbs
loreadmjuri.sbs
mielocosta.quest
rigeiasantos.cfd
sandramahl.quest
vivianesiwile.cfd
0huapt.mielocosta.quest
0huupt.heirresoares.sbs
1fuuoi.loreadmjuri.sbs
1guupp.rigeiasantos.cfd
1guuui.loreadmjuri.sbs
1huaer.vivianesiwile.cfd
1suaer.sandramahl.quest
2soo8a.rigeiasantos.cfd
36eirn.sandramahl.quest
39eirb.mielocosta.quest
5douiu.sandramahl.quest
5doums.vivianesiwile.cfd
5douua.vivianesiwile.cfd
5haiew.heirresoares.sbs
6kaiew.heirresoares.sbs
6sou4p.vivianesiwile.cfd
70ouya.loreadmjuri.sbs
71oo8a.heirresoares.sbs
71ooni.heirresoares.sbs
81oo7a.loreadmjuri.sbs
82ioyn.sandramahl.quest
86eicn.loreadmjuri.sbs
86eit4.mielocosta.quest
86ioby.vivianesiwile.cfd
95iocm.mielocosta.quest
95iovy.rigeiasantos.cfd
a8eehw.heirresoares.sbs
a9eeht.rigeiasantos.cfd
ataihr.sandramahl.quest
bwar3.rigeiasantos.cfd
cmiosv.heirresoares.sbs
cwaea.rigeiasantos.cfd
dcawa.loreadmjuri.sbs
e6iocr.heirresoares.sbs
e6oaer.rigeiasantos.cfd
eraa1g.mielocosta.quest
eraasj.sandramahl.quest
etaagj.mielocosta.quest
etaefk.rigeiasantos.cfd
etaege.vivianesiwile.cfd
fkaase.heirresoares.sbs
fviawe.rigeiasantos.cfd
fxiiew.sandramahl.quest
gtaeiw.heirresoares.sbs
jwar8.sandramahl.quest
jyeet4.vivianesiwile.cfd
jyiuzf.rigeiasantos.cfd
kcee1s.vivianesiwile.cfd
kwaea.heirresoares.sbs
mwaea.sandramahl.quest
n7io5j.loreadmjuri.sbs
ncawt.heirresoares.sbs
nlawt.mielocosta.quest
ptaibm.mielocosta.quest
ptaigr.loreadmjuri.sbs
r2iaer.mielocosta.quest
r3eeev.loreadmjuri.sbs
r3eegw.mielocosta.quest
r4eo3f.rigeiasantos.cfd
r7oaer.mielocosta.quest
raaafw.rigeiasantos.cfd
rveiq7.vivianesiwile.cfd
slaer.loreadmjuri.sbs
t6oaer.mielocosta.quest
t8eehr.vivianesiwile.cfd
uiaamj.rigeiasantos.cfd
uiaaxj.loreadmjuri.sbs
vouivm.vivianesiwile.cfd
w7oaer.loreadmjuri.sbs
wa72.mielocosta.quest
wa82.loreadmjuri.sbs
wa86.heirresoares.sbs
wa86.vivianesiwile.cfd
waa9.loreadmjuri.sbs
waa9.mielocosta.quest
waa9.sandramahl.quest
waer.heirresoares.sbs
waet.sandramahl.quest
wara.sandramahl.quest
wat3.vivianesiwile.cfd
wat8.vivianesiwile.cfd
wea91.sandramahl.quest
wea9s.rigeiasantos.cfd
wnei1s.sandramahl.quest

# Reference: https://isc.sans.edu/diary/rss/28962
# Reference: https://otx.alienvault.com/pulse/6303804723bccc7e3caad737

aeabihjpejprueuibdjmhfmdcpsfr.gq
ijnkwnkxeguxaxmldwyogggwfk.sbs
infocloudgruposolucaoecia.link
pfktaacgojiozfehwkkimhkbkm.cfd
rouepcgomfhejergdahjcfcugarfcmoa.tk
ahaaer.pfktaacgojiozfehwkkimhkbkm.cfd
cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs
hcu11m2mkk2.rouepcgomfhejergdahjcfcugarfcmoa.tk
j2vfrc7gddo.aeabihjpejprueuibdjmhfmdcpsfr.gq
w7oaer.infocloudgruposolucaoecia.link

# Reference: https://twitter.com/pollo290987/status/1574470975403560970

signaturedocusign.pics
vcestalivre.top
27oagr.signaturedocusign.pics
6fuaer.signaturedocusign.pics
fhuu4p.signaturedocusign.pics
ireikc.signaturedocusign.pics
jneaee.signaturedocusign.pics
jwawr.signaturedocusign.pics
lcaee.signaturedocusign.pics
vfiaee.signaturedocusign.pics
61ou7i.vcestalivre.top

# Reference: https://twitter.com/johnk3r/status/1605546089142026240
# Reference: https://bazaar.abuse.ch/sample/7db115f80a9ddf76b48ba1706f2bb76bd100dbbef411ebaaca87a1a1f9bd18ed/

registroinformado.bar
servicexs.workers.dev
3kecv.registroinformado.bar
job.servicexs.workers.dev

# Reference: https://isc.sans.edu/diary/29404

azuissu.directory
biagdum.review
ulafeohash.world
uripawuy.town
i5ai2h.azuissu.directory
o6a3e.ulafeohash.world
pka77.biagdum.review
w1oieg.uripawuy.town

# Reference: https://twitter.com/malware_traffic/status/1611103932771717137

pudar.sbs
xkg5l4v78ef.pudar.sbs

# Reference: https://twitter.com/johnk3r/status/1616493814088368128
# Reference: https://bazaar.abuse.ch/sample/35268155ea6ea5d1c822af2222a04ada8f807fb523fe3ff81111435caf125253/

anthonylawrence.cfd
locrahbando.cfd
r6ie8h.anthonylawrence.cfd
wwoyg.locrahbando.cfd
northamerica-northeast1-carbon-mediator-371811.cloudfunctions.net

# Reference: https://twitter.com/Bank_Security/status/1055092859404251137
# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/malware-targeting-brazil-uses-legitimate-windows-components-wmi-and-certutil-as-part-of-its-routine/
# Reference: https://pastebin.com/a7ZXwiDf

ewyytrtw4646934.eririxab.com
exxxwrtw6115614.kloudghtlp.com
eririxab.com
kloudghtlp.com

# Reference: https://twitter.com/James_inthe_box/status/1152234123844415489

http://18.217.112.176

# Reference: https://twitter.com/JAMESWT_MHT/status/1136555502064848897

http://192.95.2.166

# Reference: https://twitter.com/casual_malware/status/1235206644981780480

ba6csnbs.gq
zd1dyct2.cf
hpds8smq.gq
sp5it6dt.cf
k3ytlro3.ga
lixokaln.tk
jslyjr3f.tk
rabbanbt.ml
a2ago5l1.ml
d9fearr9.ga

# Reference: https://twitter.com/Bank_Security/status/1235839277386182658
# Reference: https://www.welivesecurity.com/2020/03/05/guildma-devil-drives-electric/
# Reference: https://otx.alienvault.com/pulse/5e60de80eaa561319a314b21

acquafufheirybveru.online
ambirsr.tk
carnataldez.ml
clooinfor.cf
dbuhcbudyu.tk
equilibrios.ga
gucinowertr.tk
guildma.bj
guildma.bm
guildma.br
guildma.bs
iuiuytrytrewrqw.gq
movbmog.ga
nvfjvtntt.cf
vhguyeu.ml
xskcjzamlkxwo.gq
zvatrswtsrw.ml

# Reference: https://twitter.com/malwrhunterteam/status/1252633339967799296
# Reference: https://www.virustotal.com/gui/file/10929c710dfbdc6e78a6bb44a65fa3b84c786be95105f065081ae5927883b3a9/detection

1puknzcr.gq
lqd1fhjr.tk
nztpe4cd.gq

# Reference: https://securelist.com/the-tetrade-brazilian-banking-malware/97779/

01autogestor.ga
04autogestor.ml
0ff2mft71jarf.gq
4nk7h3s453b019.com.de
64pgrpyxpueoj.ga
6pnc3461.ink
6zs1njbw.ml
7wpinibw.ml
909nu3dx3rgk13.com.de
bantqr8rrm9c11.com.de
bnorp.ml
evokgtis.gq
g2ha14u2m2xe12.com.de
ghcco980m1zy9.org
gurulea8.ml
k8cf0j5u.cf
kaligodfrey.casa
kfgkqnf5.cf
nfiru.xyz
osieofcorizon.fun
peolplefortalce.gq
spacetopgear.cf
venumxmasz.club
vuryza.ga
xufa8hy15.online
xvbe.monster

# Reference: https://twitter.com/Arkbird_SOLG/status/1303749794578477057
# Reference: https://app.any.run/tasks/000ac8a8-dc24-4af9-8c7a-cd552bf37ad1/
# Reference: https://app.any.run/tasks/6085d4d7-8fc3-4b25-8305-9584b61d1910/

7bewp4nat2.x14x6x1x7x9x3x1x8x1.co.in
e8jattdiaey.48f7668a8f55e54e5f458f1ax.store
x14x6x1x7x9x3x1x8x1.co.in

# Reference: https://www.virustotal.com/gui/file/a1ec4ff447d2a762fb62e8d67124e2fb785bec401ae5a069bf68a36e208d078f/detection

nwr7ea9aa1.48f7668a8f55e54e5f458f1ax.store

# Reference: https://www.virustotal.com/gui/ip-address/172.67.135.119/relations

48f7668a8f55e54e5f458f1ax.store
cabwsntaa2t.48f7668a8f55e54e5f458f1ax.store
e6esfwaeyv.48f7668a8f55e54e5f458f1ax.store
e7cree5ai3m.48f7668a8f55e54e5f458f1ax.store
zw3gygwai4h.48f7668a8f55e54e5f458f1ax.store

# Reference: https://app.any.run/tasks/6346c55e-1b91-43f2-a2f4-7fe1eeee7560/

adm-perfumaria.be
uu7vtwraehv.adm-perfumaria.be

# Reference: https://twitter.com/JAMESWT_MHT/status/1350343863584616449
# Reference: https://pastebin.com/ACwzkJZn
# Reference: https://app.any.run/tasks/e9335a25-4a24-4a94-a939-aec0ab5e7da9/

16aacr.millenium-notas.xyz
39eihr.mhsprodutos.email
7kaier.planilhamsul.live
enei15.gsfogllftm.bid
eraa1d.contsfinas.xyz
fhwb8ypuu7f.reavisobombeiros2021.monster
narenstore.co.id
otq4flbei89.liberatesgroup.online
wa87.evbpmgeuvw.email
contsfinas.xyz
evbpmgeuvw.email
gsfogllftm.bid
liberatesgroup.online
millenium-notas.xyz
mhsprodutos.email
planilhamsul.live
reavisobombeiros2021.monster

# Reference: https://twitter.com/Unit42_Intel/status/1364285932296355844
# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-02-22-IOCs-from-Guildma-infection.txt

atrak.gold
bombeirosgov.xyz
cfjhrfrdprfudjhefdpsforuasdcuicb.tk
ncocotdenc.date
owpxfymsrl.casa
vistoriabombeiros.email
djuaai.vistoriabombeiros.email
ktaee3.ncocotdenc.date
rbeiwd.bombeirosgov.xyz
wat8.owpxfymsrl.casa
a8f907a15dd256a8efdeefa1b4296a10.cfjhrfrdprfudjhefdpsforuasdcuicb.tk
ead7b06da12ff1ad3601bc0e58d8378b.cfjhrfrdprfudjhefdpsforuasdcuicb.tk
d852e90de17f0e95cfa4e6bca58fdc7e.ppcrbpcofpofadfdhragrrcfiidmeufu.fun
d3fcad4e8c158a8347f69755408afe9c.hgebbgepeoaufjucdriibuuheamduohp.buzz
84d5c615a6148b4a64748944ab4fea32.daeoccijpuuujifgeusprsadbjabspas.monster
b9a3966d49f092087e84c2b2d47bddd6.dsofhsbehebshfsefaagordmrcefguiu.top
9af27bde5afc7d2f9d5a54cfb940eb23.afisohduhmbuiebbmcpgedmdahpsmoaa.xyz
3fdde23513cfea8244865de9dfc24576.baapceffjrpmdjjsdergsiefijcpuodo.xyz
d685edc33c9821948bad8f053744e671.hjaejauhfiecmhrsbpdmfafhaghrubmr.site
6b07d8ebf16094112539933605bc959b.jgiscuhreojgjmppmprdcaaabsbrsago.online
5f73dc9aab98162a161124bb9b33e0f3.crjusgsfuoghrcgbiesccrsgfdimejdh.gq
e9ea25b57f0f347a7f49cb9d560b7c9f.iffbhggmcimrgsgdsopaiaeoapjhfhor.cf
a7852fbe6a64197636486f136fcd1b9f.duiispaamoafbshuegpdjdmmrdrormpr.cf
2f62d23644cbc7648fae3c8a7e49ee55.dmoujibiogrmcgabfiaamuhmrodocaom.ga
756cc5b1bad841d9bcca71f5ef35d172.afhoasaoumhmcepdugfhmrcehjdaujui.ml
7fc673d1de394b80e8c31e56741530f3.upiejiuspmmoafamjrcsfurdrggdjidg.tk
b93dbe13513d3725c86e06472667e0dc.upjodfgeamscjrbgsijbapbebhjuphcc.tk
ecbacb2226e502ed95e4ca36775be81e.upmrjdauhjrogmcipcjdcofjumjsjubr.tech
e48e99830d9692e59da0b467d2e7e859.dajahireoippjuoaprburmsjohsirbrm.live
27e15cfae240de235bc0b1063835c282.poicirorodmjmieeffjpifhmoroibajc.store
fd15e0d9a0f3ca129bfda36be54193de.fmcgdifjhaffogrhgmfcjehhausjfpjf.space
c2d4305977b663085c423d764398115b.pfiaodebsgmsdgaaamoofoiabdcmegha.best
b9a3966d49f092087e84c2b2d47bddd6.dsofhsbehebshfsefaagordmrcefguiu.top
84d5c615a6148b4a64748944ab4fea32.daeoccijpuuujifgeusprsadbjabspas.monster
58b48f2a4111bbcfca5a5c29c7a62149.mhfpudaosgoecimrsaoupupajrjscgro.site
eb952bcdead65806877687be3db00367.egbggdgogrjjfgpheoiaeaiampppjaum.cf
6dc7e6324002d963a9f17d1b68234ed6.ebaaefmooecmmibdaipahradcgcfebph.best
afhoasaoumhmcepdugfhmrcehjdaujui.ml
afisohduhmbuiebbmcpgedmdahpsmoaa.xyz
baapceffjrpmdjjsdergsiefijcpuodo.xyz
crjusgsfuoghrcgbiesccrsgfdimejdh.gq
daeoccijpuuujifgeusprsadbjabspas.monster
dajahireoippjuoaprburmsjohsirbrm.live
dmoujibiogrmcgabfiaamuhmrodocaom.ga
dsofhsbehebshfsefaagordmrcefguiu.top
duiispaamoafbshuegpdjdmmrdrormpr.cf
ebaaefmooecmmibdaipahradcgcfebph.best
egbggdgogrjjfgpheoiaeaiampppjaum.cf
fmcgdifjhaffogrhgmfcjehhausjfpjf.space
hgebbgepeoaufjucdriibuuheamduohp.buzz
hjaejauhfiecmhrsbpdmfafhaghrubmr.site
iffbhggmcimrgsgdsopaiaeoapjhfhor.cf
jgiscuhreojgjmppmprdcaaabsbrsago.online
mhfpudaosgoecimrsaoupupajrjscgro.site
pfiaodebsgmsdgaaamoofoiabdcmegha.best
poicirorodmjmieeffjpifhmoroibajc.store
ppcrbpcofpofadfdhragrrcfiidmeufu.fun
upiejiuspmmoafamjrcsfurdrggdjidg.tk
upjodfgeamscjrbgsijbapbebhjuphcc.tk
upmrjdauhjrogmcipcjdcofjumjsjubr.tech

# Reference: https://twitter.com/malware_traffic/status/1411151303670128640
# Reference: https://www.malware-traffic-analysis.net/2021/07/02/index.html

1n0izrin45jf.date
i8b89z39ldede.casa
mobly.email
webktive.bid
a9eegc.webktive.bid
ooainb.1n0izrin45jf.date
71ou7a.mobly.email
jeaeir.mobly.email
vmawt.mobly.email
wa86.i8b89z39ldede.casa


# Reference: https://twitter.com/pr0xylife/status/1463924565034377220

gsasochjrmecsrsbjmubhuspsjusaghs.club
5dooyn.gsasochjrmecsrsbjmubhuspsjusaghs.club

# Reference: https://twitter.com/ffforward/status/1463934334101037060

cvcxsdfrew.one
uytfgdkipoi.one
0ooc4.cvcxsdfrew.one
uaou9x.uytfgdkipoi.one

# Reference: https://twitter.com/1ZRR4H/status/1464118333884805148
# Reference: https://pastebin.com/e8NTUaP2

atelierasmeninas.com
blindamorares.com
ceramicasouzatex.com
condordosaires.com
construsouzaconstrucoes.com
creatinarupples.com
enlogtransportes.com
etiplasti.com
ferramentasbroca.com
fragmentomocas.com
fruteiratra.com
hrgrafica.com
importsgo.com
infordados.com
isendbox.com
lupafertilizantes.com
mestreadministracao.com
modaatevoce.com
nucleodequalificacao.com
omettoequipamentos.com
prometalfunilaria.com
propositonotificas.com
protocolospemail.com
redemmfs.com
rimainstalacoes.com
ruprestecomunicacao.com
saocamiloformosa.com
severoindustrial.com
turismocrostas.com
admti1.rimainstalacoes.com
admti10.rimainstalacoes.com
admti11.severoindustrial.com
admti13.severoindustrial.com
admti15.severoindustrial.com
admti16.rimainstalacoes.com
admti17.rimainstalacoes.com
admti18.rimainstalacoes.com
admti19.rimainstalacoes.com
admti19.severoindustrial.com
admti20.severoindustrial.com
admti21.rimainstalacoes.com
admti22.rimainstalacoes.com
admti24.rimainstalacoes.com
admti25.severoindustrial.com
admti26.rimainstalacoes.com
admti27.rimainstalacoes.com
admti28.severoindustrial.com
admti3.severoindustrial.com
admti4.rimainstalacoes.com
admti5.severoindustrial.com
admti6.rimainstalacoes.com
admti6.severoindustrial.com
admti9.severoindustrial.com
axsr11.protocolospemail.com
axsr13.protocolospemail.com
axsr14.protocolospemail.com
axsr18.protocolospemail.com
axsr5.protocolospemail.com
axsr6.protocolospemail.com
axsr7.protocolospemail.com
axsr8.protocolospemail.com
axsr9.protocolospemail.com
clipe1.blindamorares.com
clipe13.blindamorares.com
clipe14.blindamorares.com
clipe17.blindamorares.com
clipe19.blindamorares.com
clipe21.blindamorares.com
clipe24.blindamorares.com
clipe5.blindamorares.com
clipe7.blindamorares.com
codo2.fruteiratra.com
coordenarh1.etiplasti.com
coordenarh1.infordados.com
coordenarh10.etiplasti.com
coordenarh13.etiplasti.com
coordenarh15.etiplasti.com
coordenarh15.hrgrafica.com
coordenarh16.hrgrafica.com
coordenarh17.etiplasti.com
coordenarh17.infordados.com
coordenarh17.mestreadministracao.com
coordenarh18.etiplasti.com
coordenarh18.infordados.com
coordenarh19.etiplasti.com
coordenarh2.hrgrafica.com
coordenarh20.infordados.com
coordenarh21.hrgrafica.com
coordenarh22.etiplasti.com
coordenarh22.mestreadministracao.com
coordenarh23.etiplasti.com
coordenarh23.hrgrafica.com
coordenarh24.etiplasti.com
coordenarh27.etiplasti.com
coordenarh28.etiplasti.com
coordenarh3.hrgrafica.com
coordenarh4.etiplasti.com
coordenarh4.hrgrafica.com
coordenarh5.etiplasti.com
coordenarh6.etiplasti.com
coordenarh7.etiplasti.com
coordenarh8.etiplasti.com
coordenarh9.hrgrafica.com
lojas16.propositonotificas.com
lojas19.propositonotificas.com
lojas22.propositonotificas.com
lojas3.propositonotificas.com
metros1.creatinarupples.com
metros19.creatinarupples.com
metros24.creatinarupples.com
metros8.creatinarupples.com
oportunidadesrh11.ruprestecomunicacao.com
oportunidadesrh12.lupafertilizantes.com
oportunidadesrh15.ruprestecomunicacao.com
oportunidadesrh17.ruprestecomunicacao.com
oportunidadesrh18.saocamiloformosa.com
oportunidadesrh21.ruprestecomunicacao.com
oportunidadesrh22.ruprestecomunicacao.com
oportunidadesrh24.lupafertilizantes.com
oportunidadesrh24.ruprestecomunicacao.com
oportunidadesrh26.ruprestecomunicacao.com
oportunidadesrh29.ruprestecomunicacao.com
planilha22.fragmentomocas.com
planilha4.fragmentomocas.com
planilha7.fragmentomocas.com
planilha8.fragmentomocas.com
printinghot.oicp.net
proc11.protocolospemail.com
proc3.protocolospemail.com
proc4.protocolospemail.com
proc5.protocolospemail.com
proc6.protocolospemail.com
proc7.protocolospemail.com
proc9.protocolospemail.com
sedxf13.importsgo.com
sedxf6.importsgo.com
sedxf8.importsgo.com
sendf3.isendbox.com
sendf8.isendbox.com
sendf9.isendbox.com
superrh1.modaatevoce.com
superrh1.nucleodequalificacao.com
superrh1.prometalfunilaria.com
superrh10.nucleodequalificacao.com
superrh10.omettoequipamentos.com
superrh10.prometalfunilaria.com
superrh11.modaatevoce.com
superrh11.nucleodequalificacao.com
superrh11.omettoequipamentos.com
superrh12.modaatevoce.com
superrh12.omettoequipamentos.com
superrh12.prometalfunilaria.com
superrh13.nucleodequalificacao.com
superrh13.prometalfunilaria.com
superrh14.modaatevoce.com
superrh14.nucleodequalificacao.com
superrh14.omettoequipamentos.com
superrh15.nucleodequalificacao.com
superrh15.omettoequipamentos.com
superrh16.modaatevoce.com
superrh16.nucleodequalificacao.com
superrh17.modaatevoce.com
superrh17.omettoequipamentos.com
superrh17.prometalfunilaria.com
superrh18.prometalfunilaria.com
superrh19.nucleodequalificacao.com
superrh19.omettoequipamentos.com
superrh19.prometalfunilaria.com
superrh21.nucleodequalificacao.com
superrh21.omettoequipamentos.com
superrh21.prometalfunilaria.com
superrh22.modaatevoce.com
superrh22.nucleodequalificacao.com
superrh23.modaatevoce.com
superrh23.nucleodequalificacao.com
superrh23.prometalfunilaria.com
superrh24.omettoequipamentos.com
superrh24.prometalfunilaria.com
superrh25.modaatevoce.com
superrh25.nucleodequalificacao.com
superrh25.omettoequipamentos.com
superrh26.modaatevoce.com
superrh26.nucleodequalificacao.com
superrh26.omettoequipamentos.com
superrh27.omettoequipamentos.com
superrh27.prometalfunilaria.com
superrh28.modaatevoce.com
superrh29.modaatevoce.com
superrh29.omettoequipamentos.com
superrh3.nucleodequalificacao.com
superrh3.omettoequipamentos.com
superrh3.prometalfunilaria.com
superrh30.nucleodequalificacao.com
superrh30.omettoequipamentos.com
superrh30.prometalfunilaria.com
superrh4.modaatevoce.com
superrh4.omettoequipamentos.com
superrh5.modaatevoce.com
superrh5.omettoequipamentos.com
superrh5.prometalfunilaria.com
superrh6.modaatevoce.com
superrh6.nucleodequalificacao.com
superrh6.omettoequipamentos.com
superrh7.modaatevoce.com
superrh8.modaatevoce.com
superrh8.omettoequipamentos.com
superrh9.modaatevoce.com
superrh9.prometalfunilaria.com
supervisorrh1.ceramicasouzatex.com
supervisorrh10.atelierasmeninas.com
supervisorrh10.construsouzaconstrucoes.com
supervisorrh11.atelierasmeninas.com
supervisorrh11.condordosaires.com
supervisorrh12.ceramicasouzatex.com
supervisorrh12.condordosaires.com
supervisorrh13.atelierasmeninas.com
supervisorrh13.ceramicasouzatex.com
supervisorrh14.construsouzaconstrucoes.com
supervisorrh15.atelierasmeninas.com
supervisorrh15.condordosaires.com
supervisorrh15.construsouzaconstrucoes.com
supervisorrh16.atelierasmeninas.com
supervisorrh16.condordosaires.com
supervisorrh17.condordosaires.com
supervisorrh17.construsouzaconstrucoes.com
supervisorrh18.condordosaires.com
supervisorrh19.atelierasmeninas.com
supervisorrh19.enlogtransportes.com
supervisorrh2.construsouzaconstrucoes.com
supervisorrh20.atelierasmeninas.com
supervisorrh20.ceramicasouzatex.com
supervisorrh20.condordosaires.com
supervisorrh20.enlogtransportes.com
supervisorrh21.condordosaires.com
supervisorrh21.construsouzaconstrucoes.com
supervisorrh22.ceramicasouzatex.com
supervisorrh23.ceramicasouzatex.com
supervisorrh23.construsouzaconstrucoes.com
supervisorrh23.enlogtransportes.com
supervisorrh25.ceramicasouzatex.com
supervisorrh26.ceramicasouzatex.com
supervisorrh26.construsouzaconstrucoes.com
supervisorrh27.condordosaires.com
supervisorrh27.construsouzaconstrucoes.com
supervisorrh28.condordosaires.com
supervisorrh28.construsouzaconstrucoes.com
supervisorrh4.atelierasmeninas.com
supervisorrh4.condordosaires.com
supervisorrh4.construsouzaconstrucoes.com
supervisorrh5.ceramicasouzatex.com
supervisorrh5.condordosaires.com
supervisorrh6.condordosaires.com
supervisorrh7.ceramicasouzatex.com
supervisorrh7.condordosaires.com
supervisorrh8.atelierasmeninas.com
suporte17.turismocrostas.com
suporte22.turismocrostas.com
suporte6.turismocrostas.com
suporte9.turismocrostas.com
tgery11.redemmfs.com
tgery4.redemmfs.com
tgery9.redemmfs.com
veiculo1.ferramentasbroca.com
veiculo2.ferramentasbroca.com
veiculo4.ferramentasbroca.com
veiculo8.ferramentasbroca.com

# Reference: https://twitter.com/malware_traffic/status/1409683375430922254
# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-01-17-IOCs-for-Astaroth-Guildma-infection.txt
# Reference: https://otx.alienvault.com/pulse/61e93340f6cf68282de3a0f4

bihcreuomegscmedfuaggprjrjomosga.cf
elthalion.cfd
iribfinanceiroorgbrasil.cloud
jfhobjjddhsrspocbcorushsgcjhmgsg.gq
netirib.one
reizorandir.sbs
1svdca3awt.reizorandir.sbs
49oujr.elthalion.cfd
4f7afe1492603307b978fbffb672156a.jfhobjjddhsrspocbcorushsgcjhmgsg.gq
b1de04354c314704bffdcf6da5989fd7.bihcreuomegscmedfuaggprjrjomosga.cf
brasilirib07.iribfinanceiroorgbrasil.cloud
cn7iie1ei27.netirib.one
era8airaesj.netirib.one
eta327foam9.netirib.one
d36c259d9ddee6a5075920479f3c30df.bihcreuomegscmedfuaggprjrjomosga.cf
e25fa991460f33251405b284f08b84b4.jfhobjjddhsrspocbcorushsgcjhmgsg.gq
y7iar15iowe.netirib.one

# Reference: https://github.com/CronUp/Malware-IOCs/blob/main/2022-08-26_Guildma_domains

aceleraocoracao.top
apitameusocio.top
atendimentoaopublico.autos
atendimentoaopublico.top
autoatendimento.cloud
aventuranoturna.top
bestsyste.cloud
carltonblend.top
centetraining.cloud
chamano0800.top
chamaogugu.top
clandestina.top
climadeverao.top
connetedtheworld.cloud
despedidadesolteiro.top
detallesdelpedido.top
diasdegloria.top
diasdeluta.top
dogdasmalvada.top
domainsaler.cloud
entreefiquebem.co
euseitusabe.co
festadevagabundo.top
festalinda.top
festinhacomasmaluca.top
filhododono.co
gangsterrural.top
gatogolddotinder.top
gatonoturno.top
gordinhobololo.top
gracasadeuspai.top
grandesideias.top
kamikaze.company
largateandonosol.top
latavelha.co
maisdemilhao.top
malconnected.cloud
mandrakedefavela.top
marchanascachorra.top
masquebarbaridade.top
memorialconcluido.autos
memorialconcluido.top
nakelespike.top
naoaargumentos.co
naoteespia.top
nascipravencer.co
olhaosguridenovo.top
omelhordomundo.top
ossemfim.top
plaquedecem.top
podeapitar.top
prefeituramunicipaldebarueri.top
prefrontal.top
prestadordeservicos.top
radioremixaovivo.top
realidadeavancada.co
recebaessegol.top
recomecaroutravez.co
regularizacaoconcluida.autos
regularizacaoconcluida.top
reidalacoste.top
revoadademalandro.top
roncodotrovao.co
rumoaoextrelato.top
rumoaohexa2022.top
seentregue.top
sejamuitobemvindo.co
semdorsemganho.co
semsentimentos.top
sistemasolar.top
sotirandosono.top
suanotafoiemitidacomsucesso.top
todolacostado.top
todoruinzao.co
transaccionaprobada.top
tremmaiscaro.top
tropadoarrancadiu.top
tropadonorte.top
umpraladoispraca.top
velhocego.top
vemevaietatudocerto.top
vemsemmedo.top
voltesempre.co

# Reference: https://threatfox.abuse.ch/browse/malware/win.astaroth/

0jaest.calipol.top
0pypnpukpkp.buzz
0soub8.eanimininter.cloud
0xi5r21wm89hql.fit
1fouvy.ddonuting.cloud
1gaaar.calitina.site
1r2d76nob3mu.yachts
1zn5m7x5hr16.top
20xx65gn0assye.eu
2c5thbszbt.top
2t2ev5giwktc5o9.quest
32iieb.badomininter.cloud
33udiecodphyn.date
3f2ocy9clt90x74.one
3soakc.edonuting.cloud
3too20oe8241.cloud
40tluq1mrunb.top
41mwn790xhnur.top
4500hn3b0m.top
4af8fz610elz.shop
4auahb.calitin.buzz
4fdbm7461aq8.top
4g796aiv4kj1.world
4ilox6sa0g2r.cloud
4kaier.calipol.top
51oon7.bdomunting.cloud
58sozi3fke55.yachts
59uabr.eanimininter.cloud
5pneuovxi22i4fagh9.today
5ynierertnte.cloud
69uabr.canomininter.cloud
6huabr.badomininter.cloud
6r763orka73n.top
6v2mofchw2eix98.quest
72ioey.badomininter.cloud
75iitv.cdonununting.cloud
76iiyb.cdonununting.cloud
7ngopo51j4.cloud
7siubu.calitina.live
8jaiew.calinox.monster
8pwqbarq9lrw.top
92ionu.calitina.live
96iikr.bdomunting.cloud
96iitv.ddonuting.cloud
a3eedk.canomininter.cloud
a575hh752dp9l6c.one
a8aegj.edonuting.cloud
a8eefj.adonuting.cloud
a8eefk.canomininter.cloud
a8eejt.omdtmdqytjuu.surf
abrasivecuckoo.cfd
acartanian.mom
acerthk3v9fvsby5n.today
acordadeumavez.mom
adantorandir.fashion
adomininter.cloud
adonuting.cloud
aeringwebstar.cfd
aesulluzetecnologia.hair
afiliadobiro.link
agentewer.buzz
agentmax.buzz
agrboluy.sbs
aideiaeranegociar.cloud
alcantaralinf.buzz
alienatwebbros.sbs
amasacdddorjbreisgihduhicfeoiapu.shop
amazingx3.buzz
americanothenewyork.us
amrp2yfipn2g.buzz
animemax.buzz
anintenddoom.quest
anonovovidanova.mom
anz1guftr2hdaqq3w.agency
aocbacjcpjmbshjmacisojfbugjjgjed.live
apsojbbichcrjdcbdguihudberfhbcum.shop
asautoridadesbrasileiras.cloud
asdferthjfgk.one
assessirianricoadvocacia.cloud
atecnologianuclear.us
avisosnetdows.fit
avisosnetdows.one
ayqytyrxbrfi.fit
b8eiq4.adomininter.cloud
b9bkut6h8o9l.shop
badomininter.cloud
barahfrid.mom
baraoshad.yachts
baravey.pro
bardthaesan.mom
bartpumsonline.com
bdomunting.cloud
betleverdoom.quest
bfcfbgisarbocfjfpsacfbdsihihobeu.live
birodistrito.bond
biroperola.click
biwtblfbwv.casa
bli2qury6btt.top
blushbiro.click
blutimeddoom.quest
bmiiw6.danomininter.cloud
botzgub.mom
bpwocsltfdp.life
brandsonthasha.us
breakthroughbiro.cfd
brianrivera.cfd
bvcderuik.one
c4uu7l.calitin.buzz
c8ou8f.calinox.top
calinox.monster
calinox.top
calipol.cloud
calipol.monster
calipol.top
calipol.xyz
calitin.buzz
calitin.xyz
calitina.live
calitina.site
campoeroca.bond
campoeroca.link
canomininter.cloud
carelf.mom
carolynhill.cfd
cashprincipal.click
cavalgadasweb.bond
cavalgadasweb.quest
cavalocrioulo.cfd
cavalocrioulo.link
cavalotrote.bond
cavalotrote.click
cbcck7riewn59g.fit
cbsoeddprpcsedhidrcegihbreubpoes.top
ccjmddpbicdcasrdcaegjohmeoedarmh.shop
cdonununting.cloud
cerjrmhudbmjfdfbadrrgbcbujm.cfd
cfredswjkc.one
chrisbrandven.mom
chtopfjbunehp.surf
cjdadpbxjtk.yachts
clathascon.mom
clus.ga
cmcmhhfsoermgrpjbhcjrrjofjibpodg.live
comerciobiro.link
compaisesque.cloud
compostobiro.click
coterdesterbutom.bid
coterdesterbutom.date
cpebgfmpmrropiighmamobhoacsbigaf.top
cxsoinikts.top
cxvdsfwejmy.one
dafridroc.mom
damleverdstar.cfd
danomininter.cloud
dbgbbheeifisicuomudshis.click
ddonuting.cloud
dfuimiubaifhimoofmfpbmdjjedaaphs.top
dgzjwkjgis.cloud
dicmhssepmsidahcbfhojigipobfsefa.top
dingsteddoom.quest
diretosdewashington.us
dkaasi.qpzgycqagykg.surf
dmvb4e5ypx75.world
dnnilppfegloh.life
docpsigpecosugdeurasorsmaafpadsf.top
documentossobre.us
doedingwebros.sbs
dombrosnatweb.sbs
doningstore.buzz
dossubmarinos.us
dowbroneting.fit
dowbrosnatweb.sbs
dowbroswebneting.one
drogariasredeforte.com.br
dsipaaagfadjshrc.cfd
dswecxbgt.one
dulaworish.host
dxxgcx7eyy0pn.win
e0tu0qo5dzfqr5.fit
eanimininter.cloud
ebdijccirfemmpggbushbspopffmrdee.shop
edonuting.cloud
eesuaefeujsaceuiparomcfof.beauty
efqpzs6of9mcwhc.today
egelcwen.mom
ehsmogapfhpodocghfueoffmfjufajug.live
elizabethshannon.cfd
emda2dka59ksfy.eu
emilynunez.cfd
empoderadas.click
eraa21.adomininter.cloud
eraadj.calipol.xyz
eraadk.calipol.monster
erhith.cfd
erickdacunha.live
ertkzmrlagrex.surf
escardhes.mom
escriturario.us
estarwebs.buzz
etaa65.edonuting.cloud
etaasj.calitin.xyz
etaefh.calitina.site
euhuhajmrgooduhsedffgh.sbs
evflha888vf2j22.digital
ewaa9.wswyznfiyigl.eu
f4iidk.felipeemarlimarketingl.link
f5s5duhn4rmisu.fit
facegatoresneta.sbs
facegatoresnetb.sbs
facegatoresnetc.sbs
facegatoresnetd.sbs
facegatoresnete.sbs
facegatoresnetf.sbs
facegatoresnetg.sbs
facegatoresneth.sbs
facegatoresneti.sbs
failandstor.buzz
failwebbros.sbs
fcoidsgsfdpbpasphbsusaismbhsohep.shop
fcpoosadmimpcgbdardapcdibhaisdci.live
felipeemarlimarketingl.link
festertyhuilp.download
ffasdpbirmacdsorbssiapchppirjaho.live
fgzqudjpoicgu.top
financialbom.us
flametradoom.quest
flamsgindstar.cfd
flowersstc.buzz
flowlingbarester.sbs
fmiaee.adomininter.cloud
fmjpmbjsdirapeprrcierohgupcbfpob.top
fowlingwebbros.sbs
fpoedoaagbcduashsjiddfrsibufemrs.top
frestyernhtk.surf
frhoklqhapep.cloud
frithan.mom
frizfftylerdssa.art
ftyhjhgfdfgyuj.xyz
fyd7x756zp.monster
g3dfu87x898s.cloud
gadbce.mom
galotopgeeks.eu
gartolald.cfd
gbaea.calipol.monster
gbfdxcvasd.one
gcomdmgojmermhoaobrcdhcfbbcjghhr.top
gdmosrurjpwtf.eu
geacuegfigpfsdaofjhfesosbarajfgs.live
geaer2.pjkkxkgrfzaw.surf
geils3aw2uj8x9vl3h.agency
gfiaehpfohddcjpuamrcsbsaciubuhjo.top
ghftrezbreskler.art
ghjknbvdrtyj.xyz
ghtestrester.life
gilconsultoria.one
girocenter.online
giuseaze.business
gjyniitkxqyj.surf
gkt6yy0s7c7t.top
globomails.best
graficajardim.live
gravadopor.one
gtersx1.cfd
gtersx2.cfd
gtersx3.cfd
hbawr.canomininter.cloud
heexcnqklq.shop
hipi.com.br
hipyfitness.com.br
hn6dga8vkkm9ah.world
hqaxkbbma05u48.agency
hsdecprrbdrcufacrerergpagosfreoa.top
hvaer.calitina.site
hwaetq.roonblwracbz.fit
hxeier.adomininter.cloud
ifswbaxmkol.cloud
ijhbrphodechmcrdjudccegmicembsir.live
ipaalg.pjkkxkgrfzaw.surf
irs4c1q1j00s.date
itx02gler3uk5.digital
jdiawe.calipol.cloud
jeanettehopkins.cfd
jeffstegifu.cfd
jhaee.calipol.cloud
jmcbguuejijrubjompiesjigpaudpmog.cloud
jobcomesterd11.buzz
jobcomesterd12.buzz
jobcomesterd13.buzz
jobcomesterd14.buzz
jobcomesterd15.buzz
jobcomesterd16.buzz
jobcomesterd17.buzz
jobcomesterd18.buzz
jobcomesterd19.buzz
jobcomesterd20.buzz
johpfoprucccbbjfdbmrseuoppejdoci.shop
jorgesmith.pics
jrmcsdjriesibcuuhbgosbpuaebssiae.top
jrursormegcrbrrbocsgsgmchrgbburf.top
justerx1.cfd
justerx2.cfd
ki6hcax6c1ehe5j.one
kibwufihmk4kp.date
kiwerx1.link
kiwerx2.link
kiwerx3.link
kiwerx4.link
kiwerx5.link
kmawr.calitina.live
kniier.adonuting.cloud
kniier.danomininter.cloud
koyteo.business
ktaaot.adonuting.cloud
ktaiq3.calitin.xyz
l4uxr5s2yq.online
l5isnap6wuhx.win
lacenbeorth.cfd
larrymccarthy.pics
laucrowsyl.cfd
lc83k0l0bdl6u41.one
ld1iwm9mbnhn.top
lembretesdiws.fit
lembretesdiws.one
lenigs.cfd
leteaxe.world
lih2wbii62.shop
lkiujhyttrfdg.one
lprxarkaujzy.eu
ltpyi8i70o.shop
lxxbrmwgbkk.top
m4x11xiyeft7.shop
magentagalotop.eu
manisum.cfd
maoweti.world
markjobet.cfd
masmabelicods.com
masteroso.us
maxcijhgfdfhj.buzz
maxcijhgfdfhj.xyz
mercadodaneting.one
meyzmecu.us
mfpuejcfihfbcirmfhbdbuegjssmgbpm.top
mhytrdcvbh.buzz
mhytrdcvbh.xyz
miertx1.click
migturxe01.com
migturxe01.me
migturxe01.org
migturxe01cia.com
mncbvdisf.one
mng7wu9tx22isva.digital
monarcagalotop.link
moradoresmostra.one
motohonda.biz
mpdiccrfubmaomiidsaesrmfpoujhdgu.shop
muaefc.calitina.site
muou49.eanimininter.cloud
muyhtgrfed.one
mwaet.calipol.xyz
mwqcipk484.cloud
mxaflbsa3chjk0i.quest
myeldrqgjsdb.life
navegandostar.cfd
nbfdertjhgfghj.xyz
ncibt8kso69q.shop
neitelandstar.cfd
nemtusabeoqquer.skin
nhfresterttt.casa
nhtredfghik.buzz
nhtredfghik.xyz
nightowlgalotop.link
nironsan.cfd
nm542iefjijgl2n.one
northpointgalotop.link
np1eg9r9bh.top
nwae3.pogjyceaiaxz.surf
nwaea.calitin.xyz
nwawa.gjyniitkxqyj.surf
nyoo37.edonuting.cloud
ocofbdrioehsjdaaujfmgofoddcciuhs.top
odagmdjochhbgacdmjhbabgbaigjcsep.top
ogdebaucsjjeghfheesajgeumbjhsbdu.top
oiamrdcdjhspucccdrajefabjimssmcm.shop
okawpuskwgkm3s.top
olhaaiquetendel.mom
olinfrea.cfd
omaigod.skin
omdtmdqytjuu.surf
omdyo.business
omigxpremiernuc.com
oriobr.calinox.top
ovkral.world
p2jnahbccw.shop
pa49ed5cxjrdj.digital
pakotae.shop
pcgchgsscgsbjedusijedcgjpcpfgmpm.shop
perketurxb.com
perketurxb.me
perketurxb.org
perketurxbnet.com
perketurxbonline.com
phiafrid.pics
pjkkxkgrfzaw.surf
plustrankingh.buzz
poaklace.surf
pogjyceaiaxz.surf
previoddyx10.site
previoddyx7.site
previoddyx8.site
previoddyx9.site
pubipen.shop
qau6z4582u.shop
qgxabnszrdns.surf
qpzgycqagykg.surf
quexio.us
r2iomj.bdomunting.cloud
r4eiw6.calipol.top
r4nrjfmlc3k7z00.quest
r53z7jfphl.online
r8eejt.calipol.top
raaefw.calinox.monster
raaefw.wswyznfiyigl.eu
raaesj.calinox.top
raaewy.utshqlpwkkan.eu
rafatrekindustri24.com
rafawarsindustri.com
riakimingsam.pics
ricli.pics
riclincomerid.pics
rieealdino.pics
rinielcla.pics
rj46za4h3p99.top
rodeioswebs.bond
rodeioswebs.link
rofbiqr0wx.online
roonblwracbz.fit
roterkindustri24.com
rppmbbdacuojusecmgimormdrhiidpca.top
rt7j4qoiqh.cloud
rtaa21.badomininter.cloud
rtaa21.ddonuting.cloud
rtyhgfdfghjk.buzz
rtyhgfdfghjk.xyz
ruprn859mpe6.cloud
rwaehpjqfyyvfmam7.today
rzdywixixzy.cloud
s3fuhn8sjhbx.top
s40rj0334mda.shop
s9g9m2t8xd82x.top
salgueirao.click
sbsmcfpfjrpruuohfsjggdmbomucaffp.top
segundojornal.us
sejaumapessoaboa.hair
semmaldade.mom
seztrehjplk.in
sfdmoamhcsfdpocfgdifmjcgcedjbsui.shop
sguumi.bdomunting.cloud
shaiew.omdtmdqytjuu.surf
sj04xb2nh59mg5.agency
skylightgalotop.eu
slotstbrnewss.com
sophiaemarlibuffetme.link
soquerouma.biz
spimujgspcmfrigdfjeufcdbeeuhjjui.live
styloeventos.link
suelbekwj04q.date
sungforthseph.pics
t2iacr.calinox.top
t5ctg9k9cpdmhjt.quest
t7io5s.calitin.buzz
t8eekc.zcyzcwglozsy.fit
tanielris.pics
tdtkgyb9hpn9.top
teligameu.hair
thaefastgar.pics
thegaudysait.makeup
thourxo.fashion
thrythvell.pics
tiarrond.mom
tirodelacoweb.quest
tmlzhx7jispr1.win
todaquengarquer.biz
torneadora.click
tudopassa.skin
u1iacr.calipol.xyz
uaaazn.lprxarkaujzy.eu
ubiu8b94zmd4.top
udcwwifmzesy.fit
udguijgeupsubfcimcbjghmcbbpepjbh.top
udobaaujaobgpcmfodafemhaereeejrr.live
uebgpiojgbobmuffmcjbcfipdmgfejbu.top
ueoihwik7ru0.win
uerutxrsqi.top
ui0w9iwrsk.cloud
ulks33g7t0udb4.eu
umexoficialdamarinha.us
unkethir.mom
unnebor.pro
unpszx0ql5.cloud
urgjnixhzf.eu
ushndabag.sbs
utshqlpwkkan.eu
v1xmw5x3phqc.digital
valohad.surf
vamocaralho.skin
vaufuion.yachts
verifiquesuanota.mom
veztywzreswyxlp.directory
vidanocampo.cfd
vistyhgjrezxcx.download
vjur2fho2j3.clus.ga
w4oaer.udcwwifmzesy.fit
w5iomk.eanimininter.cloud
w5ouew.lprxarkaujzy.eu
w7oaer.zcyzcwglozsy.fit
wa86.qpzgycqagykg.surf
wa92.blushbiro.click
waa9.calipol.monster
waet.adonuting.cloud
waet.cdonununting.cloud
waet.danomininter.cloud
wara.calipol.monster
wara.danomininter.cloud
weaa5h.calitina.live
wertdoksx1.buzz
wertdoksx2.buzz
wertdoksx3.buzz
wertdoksx4.buzz
wertdoksx5.buzz
wertdoksx6.buzz
woues77mxrzi.shop
wozwobchitpr.top
wra95.pogjyceaiaxz.surf
wraa5f.assessirianricoadvocacia.cloud
wswyznfiyigl.eu
wtaey2.calipol.cloud
wuu4saetwuzf5.top
x1zu4ksval1hjh5.today
xai1mm2fpcflbq.eu
xd7e407p4gt6u.date
xertsontriscler.agency
xniier.ddonuting.cloud
xp0tztbd3s.cloud
yekobyioxnab.eu
yiaexk.calinox.monster
yiuahd.sophiaemarlibuffetme.link
yke6jpq69x.cloud
yl3l0ycdjqajh.top
yveiw7.roonblwracbz.fit
ywiigm.cdonununting.cloud
yxjukwts3tt.today
zaymuigramph.sbs
zcyzcwglozsy.fit
zfar8.utshqlpwkkan.eu
zhblkjk8nbietd.fit
zj2947i1u6.monster
zliaet.calinox.monster
zmi692fchugg4.world
zsi8idpuhg33.date
zt5rksfhnlwdme.eu

# Reference: https://www.virustotal.com/gui/file/13dbde64204f3be4f1c35ef073973e9e6b73c5c6650e4e19fa400e59dcf5dd05/detection

igrejamessiancamundial.shop
eteahw.igrejamessiancamundial.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.astaroth/ (# 2023-09-12)

045gw7kiakw.joridicoanagomes.shop
049cr1vuuw5.stelarekauetelecome.info
0aua6t.phonecloud.website
0bautg.linharara.me
0c4le2eoitd.irparternoblee.life
0cuah8.linharara.me
0naaav.phonecocloud.website
0paah9.phonecocloud.website
0qa1b.wiontechieq.bio
0toeer.wiontechieq.bio
0vuiw9.linharara.me
0yii6s.wiontechieq.bio
141mtsbao83.joridicoanagomes.shop
14aa8h.grucloudpress.site
1baso.wiontechieq.bio
1btvw3deugr.representanteanaliz.life
1gauej.vabelhaekaliliousmmelarta.shop
1kiae6.grucloudpress.site
1nagu.linharara.me
1nas8.cloudphonoway.online
1raa8f.cloudphonoway.online
1ruuw9.wiontechieq.bio
1vekt.cloudphonoway.online
1weo6r.phonecloud.website
1xe9ji8ia2k.gfmileniumdez.info
1yua8o.phonecloud.website
1yuar1.grucloudpress.site
24ea1u.phonecocloud.website
2aua7j.phonecocloud.website
2baur5.linharara.me
2ga19.cloudphonoway.online
2jak3.wiontechieq.bio
2kiabe.phonecloud.website
2kier1.phonecloud.website
2kier6.cloudphonoway.online
2rieaf.cloudphonoway.online
2riiw8.phonecocloud.website
2toiea.phonecloud.website
2twkr1vuae5.hfarinhadester.pro
2wadt.cloudphonoway.online
2weoea.phonecloud.website
2wiirs.wiontechieq.bio
2woieg.wiontechieq.bio
2ytct5rie8t.hfarinhadester.pro
2yuor1.grucloudpress.site
31aicw.phonecocloud.website
31auee.linharara.me
35aodr.linharara.me
3d8aw8geuce.irparternoblee.life
3eautd.linharara.me
3fiaer.phonecloud.website
3gea9g.linharara.me
3h77ta0au8a.hfarinhadester.pro
3hugr08ieaf.representanteanaliz.life
3kea6w.wiontechieq.bio
3mergi5ia3d.hfarinhadester.pro
3oa1t.phonecloud.website
3siea0.wiontechieq.bio
3tiab4.cloudphonoway.online
3uiw3.linharara.me
3waka.grucloudpress.site
41iaji.grucloudpress.site
44a3n.linharara.me
4be2yaga1y.representanteanaliz.life
4ca14.wiontechieq.bio
4cr24amagp.irparternoblee.life
4fadh.cloudphonoway.online
4faho.linharara.me
4fw9wp7a9b.representanteanaliz.life
4mahb.wiontechieq.bio
4rar1.linharara.me
4rdw5neaa3s.hugoeyagomucasltda.shop
4rua9d.cloudphonoway.online
4wdr9e1ea8g.vitubtiagobuffetme.mobi
58aa34.phonecocloud.website
5cuie5.linharara.me
5eieea.linharara.me
5eikt8feukw.irparternoblee.life
5roiw8.cloudphonoway.online
5va24.phonecloud.website
5wesm1ba1y.ebertoebryanpadariame.pro
6b1he2yui88.vzaquillesjkd.mobi
6bautd.cloudphonoway.online
6btnt3deujw.ebertoebryanpadariame.pro
6caoa0.phonecocloud.website
6da7k.phonecloud.website
6jua1n.phonecocloud.website
6kieee.wiontechieq.bio
6kiir0.phonecocloud.website
6la1n.cloudphonoway.online
6na7t.linharara.me
6rpbw8faule.representanteanaliz.life
72a8t.cloudphonoway.online
7aia8g.phonecloud.website
7aiabw.grucloudpress.site
7cae2b.wiontechieq.bio
7cie28.phonecocloud.website
7dasm.wiontechieq.bio
7deube.linharara.me
7feuee.wiontechieq.bio
7fiuee.phonecloud.website
7hm7tr6uih9.hugoeyagomucasltda.shop
7hoae8.grucloudpress.site
7kiabe.grucloudpress.site
7kouej.linharara.me
7kuue7.phonecloud.website
7ky6tt0aiv9.joridicoanagomes.shop
7madu.phonecocloud.website
7saigw.linharara.me
7vylw8geamw.stelarekauetelecome.info
7waa0y.phonecloud.website
7wjr2ttaa3s.hfarinhadester.pro
80aihr.cloudphonoway.online
80aokw.grucloudpress.site
80bufw9ueg9.irparternoblee.life
80eaer.phonecocloud.website
80eaet.linharara.me
84aua1.linharara.me
86a2r.phonecloud.website
87auw8.linharara.me
8aiagu.phonecloud.website
8cer1.phonecocloud.website
8da94.wiontechieq.bio
8deukr.grucloudpress.site
8fauer.wiontechieq.bio
8gaowr.wiontechieq.bio
8gee3.grucloudpress.site
8gia4w.cloudphonoway.online
8kaat1.phonecocloud.website
8na0i.cloudphonoway.online
8qia04.grucloudpress.site
8rui28.wiontechieq.bio
8sa0t.phonecocloud.website
8sii8f.wiontechieq.bio
8waeoz.cloudphonoway.online
9aekd.linharara.me
9buagi.phonecocloud.website
9eeukr.phonecocloud.website
9fiae3.phonecloud.website
9geaew.grucloudpress.site
9jasy.cloudphonoway.online
9joia5.grucloudpress.site
9ma6c.phonecocloud.website
9nuiad.grucloudpress.site
9nylw3fiucw.vzaquillesjkd.mobi
9tuafi.linharara.me
9waeol.phonecocloud.website
9wew6.linharara.me
a081t6yui88.hugoeyagomucasltda.shop
a1aubw.cloudphonoway.online
a1eiw2.phonecocloud.website
a1yygw8ia6g.ebertoebryanpadariame.pro
a2oaet.phonecocloud.website
a6uefr.grucloudpress.site
a6uesr.grucloudpress.site
a7aas.phonecloud.website
abarth.beauty
abeadr.linharara.me
abncient.za.com
adepitagoras.beauty
administraonline.exnet.su
adminwebgestao.vladimir.ru
adu4aaeu1c.joridicoanagomes.shop
aduncjrsi.life
aeu6r.phonecocloud.website
agast.phonecocloud.website
agiee2.phonecocloud.website
aiie5.grucloudpress.site
aiusr.cloudphonoway.online
aka8d.cloudphonoway.online
akaaw.linharara.me
alenksysteme.one
alexabell.cfd
alfaromeo.beauty
aliciapricemd.mom
alineflviovilach.top
allssdapace.makeup
amacg.grucloudpress.site
amadeumanuelamoura.top
amanronxykri.com
ameadu.linharara.me
andreapeterson.cfd
antonellaaliciaassisfindout.fun
antonellagoncalvestemp.cfd
antoniobenjamindacunharedex.yachts
aquitroca.com.br
aseolr.phonecocloud.website
asfamor.beauty
asiae8.cloudphonoway.online
astonarin.beauty
atuow8.phonecocloud.website
audfsi.makeup
audiods.beauty
averotable.top
avertedsnt.top
awaikr.linharara.me
awoer2.grucloudpress.site
aylawyabaza.cfd
aytn3jaoi3f.vzaquillesjkd.mobi
bambuzalfeliz.makeup
barulhodechuva.makeup
baveruttery.top
baviolent.za.com
bbbcrowded.sa.com
be6wygwaips.stelarekauetelecome.info
beldsezas.beauty
belesdaszas.beauty
belezfasturais.beauty
benciotaerl.one
bentldas.beauty
bhmkigfse.beauty
bigmonster.one
bkkfhxjqn.monster
bobadorato.autos
bobadorato.beauty
bobadorato.boats
bobadorato.makeup
bomboxmuitoalta.autos
bomboxmuitoalta.beauty
bomboxmuitoalta.boats
bomboxmuitoalta.makeup
bqhhkskop.ink
brendalaramouragoldenhotel.team
bugatti.beauty
buoaa0.wiontechieq.bio
buttery.top
buumm.com.br
buzr3fmaaw8.vzaquillesjkd.mobi
bw3fpk3ay7.vzaquillesjkd.mobi
bwae75.grucloudpress.site
bwaess.wiontechieq.bio
bwafi.grucloudpress.site
bwafp.linharara.me
bwai4d.phonecloud.website
bwaiss.grucloudpress.site
bweonr.phonecloud.website
bydmex.top
caasdoa.makeup
calebjuandossantosdddrin.hair
cardgoal.makeup
cardosoyahoo.eu
carolinaclarameloveraparodi.autos
cauajuanmartinsdesari.cfd
caverlassic.top
caverontent.top
cfady.cloudphonoway.online
chartublf.sbs
chasdaey.makeup
cheirodeterra.makeup
chsasdevrolet.makeup
clientesdawebs.icu
cloudgusson.live
cloudivox.info
cloudkknet.pro
cloudphonoway.online
cobrazoom.top
commander.beauty
conceitosdemoda.makeup
coneticvoice.makeup
construtoraepul.icu
contedsnt.top
controladorweb.com.ru
controleadminempresarial.top
cordeiromaquinas.one
coua6r.phonecocloud.website
countrypress.yachts
csaa0c.linharara.me
ctuasb.phonecloud.website
cuniform.top
cw8wixwao3m.stelarekauetelecome.info
cwadq.cloudphonoway.online
cwaje.grucloudpress.site
cweo9r.linharara.me
cweovr.cloudphonoway.online
cweu6r.phonecloud.website
cwoiet.wiontechieq.bio
cynthiawilliams.mom
d4oad8.phonecocloud.website
daamazing.za.com
daltonfrazier.cfd
daluzaccor.hair
danielcooper.mom
datadiscord.hair
daverecimal.top
davidashley.cfd
dbaaw8.linharara.me
dbaoe3.cloudphonoway.online
dcea7j.phonecloud.website
dma1n.phonecocloud.website
donasdada.beauty
douglashoward.mom
dw3hah3a8a.vitubtiagobuffetme.mobi
dwaeol.wiontechieq.bio
dwagi.grucloudpress.site
dwago.phonecloud.website
dwai4l.grucloudpress.site
dwaj3.phonecocloud.website
dy8ctfmeits.ebertoebryanpadariame.pro
dyaa9j.grucloudpress.site
dyikr27auw9.stelarekauetelecome.info
e0i8t8koi8a.stelarekauetelecome.info
e1aeed.cloudphonoway.online
e1aey1.cloudphonoway.online
e1iaet.wiontechieq.bio
e6ao3d.phonecloud.website
e6kuz3eyi.hfarinhadester.pro
e6uaee.cloudphonoway.online
e6uejw.wiontechieq.bio
e6uolr.cloudphonoway.online
e781aeeoyk.ebertoebryanpadariame.pro
e7euw3.grucloudpress.site
e8oa4j.phonecloud.website
e8oa7r.phonecocloud.website
e8oeee.wiontechieq.bio
e8ueme.wiontechieq.bio
e9aofr.cloudphonoway.online
e9jomwaeps.gfmileniumdez.info
e9oagw.wiontechieq.bio
e9oahr.cloudphonoway.online
e9oicw.linharara.me
eaahr.cloudphonoway.online
eaarj.phonecloud.website
eae7h.wiontechieq.bio
eae89.phonecloud.website
eaiif.phonecocloud.website
eaipr.phonecocloud.website
eaiur.linharara.me
eaiwf.grucloudpress.site
eaoum.cloudphonoway.online
eaoxe.wiontechieq.bio
eaulr.phonecloud.website
ebertoebryanpadariame.pro
edwardgregory.mom
eeaba.grucloudpress.site
eeefe.cloudphonoway.online
eeeknowing.sa.com
eeiqr.phonecocloud.website
eeisf.grucloudpress.site
eeoas.wiontechieq.bio
eeu9w.wiontechieq.bio
eficienciaempresarial.top
eiiit5.phonecocloud.website
eiu6r.wiontechieq.bio
eja2y.phonecocloud.website
ela9k.phonecloud.website
eleavergant.top
emeae9.linharara.me
endacavanagh.cam
enemc.cloudphonoway.online
engesoftware.site
enixlocadora.online
epaaf8.grucloudpress.site
epearr.grucloudpress.site
eriuet.phonecocloud.website
espacocontabilrec.one
estiletelivros.shop
estilingulivrose.shop
estojlivrosodepintura.shop
estojodemaquiagem.shop
estojolivrosdelapis.shop
estriblivroso.shop
etiquelivrosta.shop
etjr30vui8t.ebertoebryanpadariame.pro
eugeneblair.cfd
euhbhpjug.cyou
eversystems.cyou
ew8ho9ma0t.vitubtiagobuffetme.mobi
exameoldeaion.one
examesesaude.one
exauslivrostor.shop
extensaeletrica.shop
extilivrosntor.shop
eyua6e.linharara.me
f4ea9j.cloudphonoway.online
f4ie1v.linharara.me
f7ei6n.phonecocloud.website
f8ier1.cloudphonoway.online
fabianarezende91corp.live
fafdfweh.makeup
famatextil.online
fanticoelaterra.makeup
fazendaazuladinho.makeup
fcoiw8.phonecloud.website
fe-krrdbo6imq-uc.a.run.app
fearful.top
felasuthir.one
fernandesx.com.br
finortexes.makeup
fjcpbmmjl.boats
fm4bt0vui8a.vitubtiagobuffetme.mobi
fn1mw5siit1.ebertoebryanpadariame.pro
fnaotd.phonecloud.website
fnuoe3.wiontechieq.bio
fortressbrain.sbs
freerangestock.makeup
ftmes.lol
ftmsistemas.hair
fusionwin.top
fv3c9jsoa8h.vitubtiagobuffetme.mobi
fyua3g.cloudphonoway.online
g2a9c.phonecloud.website
g3oeea.wiontechieq.bio
g4adr6woae7.ebertoebryanpadariame.pro
gaqueabelhaekaliltacome.site
garndennpaz.com.de
gawelcome.za.com
gcai2j.grucloudpress.site
gcaym.grucloudpress.site
gceju.cloudphonoway.online
geaaku.wiontechieq.bio
gerenciadorvirtual.com.ru
gerenciadorweb.com.ru
gerenciaestrategica.top
gestaodeconteudo.vladimir.ru
gestaodigital.north-kazakhstan.su
gfmileniumdez.info
gilvanley.hair
glavereeful.top
gleeful.top
globalwaves.hair
glothiralha.me
glothiralha.net
gmaiaw.linharara.me
grotesque.beauty
grucloudpress.site
gteusc.cloudphonoway.online
gwaei8.cloudphonoway.online
gwaeom.phonecocloud.website
gwaeug.wiontechieq.bio
gwaiwz.cloudphonoway.online
gweodr.linharara.me
gweomw.phonecocloud.website
gweu1r.cloudphonoway.online
gyiia2.wiontechieq.bio
haorderly.za.com
hardening.hair
hcauw7.wiontechieq.bio
heitorcaldeiraunitower.bond
heloisemonteiroieee.digital
hentermax.com.de
hfarinhadester.pro
hidratacaocapilar.makeup
hildecuthrattrarg.makeup
hiltodrargbeorn.hair
hioa9w.grucloudpress.site
hmadq.phonecloud.website
hmie8a.phonecocloud.website
horfehumaisum.com.de
hugoeyagomucasltda.shop
huuia1.grucloudpress.site
hwaeth.phonecloud.website
hwafozeaoik.stelarekauetelecome.info
hwas8.grucloudpress.site
hxpdqfcqk.autos
i1ia6e.phonecloud.website
i1ia9k.wiontechieq.bio
i4eas8.phonecocloud.website
i4iafu.linharara.me
i5a0o.wiontechieq.bio
i7a9w.linharara.me
iasubdued.za.com
ida2o.grucloudpress.site
ifa0s.wiontechieq.bio
ila08.cloudphonoway.online
imextecnologia.one
indelible.beauty
ingenariamax.one
iolandaolviosobreira.top
ipanemanet.com.br
irparternoblee.life
iwea9f.cloudphonoway.online
ixa1s.cloudphonoway.online
ixearena1r.vitubtiagobuffetme.mobi
j4aae9.cloudphonoway.online
j4ei7y.grucloudpress.site
j7a8y.cloudphonoway.online
j8ear1.phonecloud.website
jackbowman.cfd
jagspqyoaea.top
javelvety.za.com
jdi8nkv31as.gaqueabelhaekaliltacome.site
je58laaiag9.vitubtiagobuffetme.mobi
jeffreyray.cfd
jenniferelainegalvaoasconinternet.mom
jenniferwilson.top
jeremiasmiriambrum.top
jeromedelgado.top
jfghjudeep.beauty
jiiiaw.wiontechieq.bio
jioa9j.phonecocloud.website
jjar7.grucloudpress.site
jkjqpjsiar.top
jmaor6.phonecocloud.website
jmea9o.cloudphonoway.online
jmie3m.cloudphonoway.online
jmoa7e.linharara.me
jnauea.wiontechieq.bio
joridicoanagomes.shop
jpojangelic.sa.com
jtaad4.phonecloud.website
juansouzaimobideal.team
justinhart.top
jwaeof.phonecocloud.website
jwe1ntva5e.vzaquillesjkd.mobi
k4aiea.wiontechieq.bio
k7ea9g.linharara.me
k7mr9rsier6.hugoeyagomucasltda.shop
kaaati.wiontechieq.bio
karaburton.cfd
karlatownsend.cfd
kba54.phonecloud.website
kceokr.wiontechieq.bio
keeasn.phonecloud.website
khagt.mom
koua7v.wiontechieq.bio
kounrz.cfd
kteaoh.linharara.me
kuoa7w.wiontechieq.bio
kuuaf3.linharara.me
kwa0y53aei.gfmileniumdez.info
kwaipm.grucloudpress.site
kwaja.grucloudpress.site
kwaokr.phonecloud.website
kwaow8.linharara.me
kwoie0.cloudphonoway.online
kwr681gadn.joridicoanagomes.shop
kwt571nad8.vitubtiagobuffetme.mobi
kyaahy.wiontechieq.bio
kyea1c.grucloudpress.site
l1aokr.grucloudpress.site
l8oask.wiontechieq.bio
lafgarbeorn.hair
lafokava.yachts
latoyamoore.top
lbsaokfjeb.top
le6t1kwai8c.irparternoblee.life?1
leaude.phonecocloud.website
leeofr.cloudphonoway.online
leofgrenriscrom.homes
lielvul.one
ligthvert.click
liliveiculosltda.homes
liliveiculosltda.life
liliveiculosltda.link
liliveiculosltda.mom
liliveiculosltda.world
lindalopez.mom
linharara.me
lnaii6.linharara.me
loyalteam.top
lviacndidapinho.top
lwai6b.phonecocloud.website
lwaorx.phonecocloud.website
lweanr.phonecloud.website
m4a5u.phonecloud.website
mahkus.cfd
malceon.yachts
mankenbergg.website
manronxykrionline.com
marmalade.hair
massaveveiculosltda.beauty
massaveveiculosltda.mom
massaveveiculosltda.yachts
matiasbrdez.com.de
matrugrupol.com
matthewmathis.mom
mda2y.phonecloud.website
mdbox.one
meea7h.linharara.me
megansmith.mom
megate.top
mhaac.grucloudpress.site
mher1viiit5.ebertoebryanpadariame.pro
michellemartinezdds.mom
michelleshepherd.one
ministerfic.top
mjllfuytze.top
mondroushi.com
mosaiccolor.skin
mousaa.hair
mraa1n.phonecloud.website
mtuirw.wiontechieq.bio
mwaei3.grucloudpress.site
mwaeil.grucloudpress.site
mwiadr.linharara.me
mwialr.cloudphonoway.online
nathanielcastro.one
nauan.cfd
naverotable.top
ndafo.linharara.me
neeokw.linharara.me
neium8.linharara.me
nervously.makeup
networksoluction.click
nixcontact.store
nruars.linharara.me
ntaafu.cloudphonoway.online
nteadn.wiontechieq.bio
ntoele.wiontechieq.bio
nubucoha.makeup
nwae44.linharara.me
nwaeu2.phonecloud.website
nwaeuz.phonecloud.website
nwaitj.wiontechieq.bio
nwaiwv.phonecloud.website
nwakt.phonecloud.website
nwao9r.cloudphonoway.online
nwaoez.grucloudpress.site
nwiafr.linharara.me
o3iad4.phonecocloud.website
o6a5v.linharara.me
o6ia6w.cloudphonoway.online
o7aas.grucloudpress.site
o8ia5y.phonecocloud.website
o9a3w.wiontechieq.bio
o9ergy2ia9g.hugoeyagomucasltda.shop
odakf.linharara.me
ofa9t.wiontechieq.bio
oha1a.wiontechieq.bio
oka5p.phonecloud.website
onmicrosoft.pro
orbag.sbs
organizacaoempresarial.top
orweb.yachts
ovr54wgasb.irparternoblee.life
oxe7w.phonecocloud.website
p6aag.phonecloud.website
p6ia7k.wiontechieq.bio
p9ia6w.grucloudpress.site
paneladepressao.autos
paneladepressao.boats
patiently.makeup
patriciastark.cfd
paverotable.top
pcasi.grucloudpress.site
peppery.top
pharthenonplus.info
phatf.phonecloud.website
phonecloud.website
phonecocloud.website
phoneking.sbs
photonet.life
phseventos.store
planejamentoempresarialon.top
pnayz.phonecocloud.website
podsorocabaoficial.com.br
produtosagricolas.skin
pvasp.linharara.me
pxa28.phonecloud.website
pxacn.phonecloud.website
qkaiaj.wiontechieq.bio
questfor.top
quotation.hair
qxlkjymdph.top
qxw8kpdia8f.representanteanaliz.life
qza28.phonecloud.website
r1ctd3aenr.gfmileniumdez.info
r2ueme.linharara.me
r2yikeaisx.gfmileniumdez.info
r5aoe8.phonecocloud.website
r5auw9.cloudphonoway.online
r5uo3h.phonecocloud.website
r5yixateua9.representanteanaliz.life
r6aue5.grucloudpress.site
r6euwe.cloudphonoway.online
r6oekr.wiontechieq.bio
r6uedw.phonecloud.website
r6uefr.phonecloud.website
r6uezr.wiontechieq.bio
r9oafr.phonecocloud.website
r9oeee.grucloudpress.site
r9ouev.phonecloud.website
raiir.wiontechieq.bio
randycollins.one
relicutils.top
reork.phonecloud.website
representanteanaliz.life
reu9e.phonecloud.website
reuje.grucloudpress.site
reuva.grucloudpress.site
rexxprhqnxk.buzz
rfaohw.phonecloud.website
rfzzglnkanb.top
rha6t.cloudphonoway.online
rhiae9.wiontechieq.bio
rhondawatson.cfd
riae9.phonecocloud.website
ribbitcuckoo.cfd
riosasgrosso.makeup
riskrumcongifu.makeup
riusr.cloudphonoway.online
rka8o.phonecocloud.website
roalw.phonecloud.website
roasted.top
robertlee.cfd
rodneyfoster.one
rodneygarcia.boats
rodoplanvix.info
rodw2n1ia2y.gfmileniumdez.info
roieaw.linharara.me
roiia0.wiontechieq.bio
rolexcity.bond
ronabetla.com
royaltybel.top
rp7rts8auw8.hfarinhadester.pro
rqawppubzzx.top
rqea86.phonecloud.website
rroe8h.phonecloud.website
ruia9g.phonecocloud.website
ruthhogan.cfd
ruthipen.com.br
rxa27.wiontechieq.bio
ryanmiles.boats
s2a77.phonecocloud.website
s8iaki.cloudphonoway.online
sai6a.grucloudpress.site
sandraporelli.com.br
saruhash.cfd
sathdusdaisybou.site
sceat0.phonecloud.website
scui3s.grucloudpress.site
scuie3.grucloudpress.site
sellpower.top
senarmt.online
shelankul.mom
shelhamph.cfd
sherriroberts.boats
sistemit.top
skafu.phonecocloud.website
snw7roga7b.vitubtiagobuffetme.mobi
soelines.makeup
somaepromo.cloud
sometimes.makeup
southamerica-east1-loyal-skill-365616.cloudfunctions.net
spfsdin.makeup
spiae9.cloudphonoway.online
sroow3.phonecocloud.website
sruit2.cloudphonoway.online
stelarekauetelecome.info
stoie3.cloudphonoway.online
stupidity.hair
stylediamond.top
suua14.phonecocloud.website
swafa.cloudphonoway.online
szaah.linharara.me
t1tpxateotj.hugoeyagomucasltda.shop
t2a9h.phonecocloud.website
t2auea.cloudphonoway.online
t2vyjw8ia5n.representanteanaliz.life
t5aie3.phonecocloud.website
t5aokw.wiontechieq.bio
tabcoperoo.sbs
tanyamiller.cfd
tapetesgratuitos.makeup
tca8o.cloudphonoway.online
tda3h.phonecloud.website
tdasf.phonecocloud.website
tdnrmaaeoqd.gfmileniumdez.info
teaworks.sbs
teo4r.wiontechieq.bio
terrybanks.boats
tfaah.cloudphonoway.online
thargwicone.icu
thesweltering.cfd
thramonor.com
thua7r.grucloudpress.site
thukthanric.beauty
thunmuschet.com
tiaad7.linharara.me
tiaja.wiontechieq.bio
tiendalatina.top
tigaasfgo.makeup
tigfswauan.makeup
tiiie7.linharara.me
tiim0.grucloudpress.site
tiu4e.cloudphonoway.online
tja5p.wiontechieq.bio
tjeme.com.mx
tjuow8.linharara.me
tna7r.phonecocloud.website
tpua7i.linharara.me
tpuaaf.linharara.me
trigobats.com
tripwiresan.top
tseae3.grucloudpress.site
tuaoe5.phonecloud.website
tuie3.grucloudpress.site
turonbats.com
tyaato.wiontechieq.bio
u4a8u.linharara.me
u6ias4.phonecloud.website
u9er14aia7y.hfarinhadester.pro
ufa6u.cloudphonoway.online
unkempt.top
untried.top
urbanred.click
us-east4-vibrant-outpost-383916.cloudfunctions.net
utaa3s.linharara.me
vaaa6j.linharara.me
vabelhaekaliliousmmelarta.shop
vanexuberant.top
vaninsidious.sbs
vaoir2.cloudphonoway.online
vararaknath.quest
vastercenterbr.com.de
vesfallerdez.com.de
virddtual.top
vitubtiagobuffetme.mobi
vofdwelkswagen.makeup
vonfierce.sbs
vruaf7.wiontechieq.bio
vwae4w.linharara.me
vwahm.phonecloud.website
vwairm.cloudphonoway.online
vwaode.grucloudpress.site
vzaquillesjkd.mobi
w0eee6.phonecocloud.website
w0yybr6uez9.stelarekauetelecome.info
w2aoe3.grucloudpress.site
w2auet.phonecloud.website
w30v5jajo.joridicoanagomes.shop
w3iaxr.wiontechieq.bio
w3oa6n.linharara.me
w3oaje.grucloudpress.site
w3oinw.cloudphonoway.online
w5aa1b.grucloudpress.site
w6rwet1uig9.joridicoanagomes.shop
w6uiet.phonecloud.website
w7tana3iu7n.representanteanaliz.life
w7uedr.linharara.me
w7uexr.phonecocloud.website
w8fyfaeaiu4.joridicoanagomes.shop
w8hmkareiy9.hfarinhadester.pro
w8hplareoqc.hugoeyagomucasltda.shop
w8oae1.grucloudpress.site
w9aoe2.linharara.me
w9jykw3iuqb.stelarekauetelecome.info
w9oehe.linharara.me
w9uecr.wiontechieq.bio
w9uehw.phonecocloud.website
w9uie2.phonecloud.website
waab9.wiontechieq.bio
waauw8.phonecocloud.website
wae73.phonecocloud.website
waear.phonecloud.website
waenr.cloudphonoway.online
waepg.grucloudpress.site
waerm.cloudphonoway.online
waesd.phonecloud.website
waeu3h.grucloudpress.site
waeux.wiontechieq.bio
waey5.linharara.me
wahy.cloudphonoway.online
wai47.cloudphonoway.online
waialt.phonecloud.website
waiph.wiontechieq.bio
waisl.wiontechieq.bio
waitj.grucloudpress.site
waitr.grucloudpress.site
waiub.cloudphonoway.online
waju.grucloudpress.site
waoah.phonecocloud.website
waoalr.phonecocloud.website
waoefr.linharara.me
waoivw.phonecloud.website
waouhr.linharara.me
wawy.phonecocloud.website
we9c5nwaey1.gfmileniumdez.info
weaverlcome.top
weeiez.grucloudpress.site
weeu8r.wiontechieq.bio
weiwr.cloudphonoway.online
weutr.phonecloud.website
wia8y.wiontechieq.bio
wihr7eieat6.joridicoanagomes.shop
wiiana.phonecloud.website
wiontechieq.bio
wkaeag.linharara.me
wma8l.linharara.me
wnarn.phonecloud.website
woade.phonecloud.website
woaxr.cloudphonoway.online
woeteasene.one
woia6w.phonecocloud.website
worriedly.makeup
worthless.beauty
wpua9j.phonecloud.website
wsdr2ruaa8k.irparternoblee.life
wulfhalconncromm.homes
wveahi5ia9j.vzaquillesjkd.mobi
ww6r3ceeowf.vzaquillesjkd.mobi
wwaeu9.phonecocloud.website
wyekszloldhc.cfd
xw3das3ajm.irparternoblee.life
xwaesg.phonecocloud.website
xwan3.grucloudpress.site
xwaokr.grucloudpress.site
xwr6sf3aea.gfmileniumdez.info
xyanavegador.makeup
y1ea7g.phonecocloud.website
y1iad7.grucloudpress.site
y2a7p.cloudphonoway.online
y4a9y.grucloudpress.site
y5a1p.grucloudpress.site
y5iaf7.grucloudpress.site
y7a2e.wiontechieq.bio
y9ai5k.linharara.me
yafr7wiiir6.vzaquillesjkd.mobi
yda6p.phonecocloud.website
ygcw0cwua9g.irparternoblee.life
yha5i.linharara.me
yha8j.grucloudpress.site
yha9t.phonecloud.website
yhahp.grucloudpress.site
yja5h.phonecocloud.website
yka5o.phonecocloud.website
yoiayw.phonecloud.website
ypaaf7.linharara.me
yrqcxhixmoxp.cfd
ytxr3dyauw7.hugoeyagomucasltda.shop
yvafi.cloudphonoway.online
yxa8k.phonecocloud.website
yxenc.wiontechieq.bio
ze6vla8oej9.hugoeyagomucasltda.shop
zoicsson.yachts
zwa17.phonecocloud.website
zwaeix.grucloudpress.site
zwaha.linharara.me

# Reference: https://twitter.com/ginkgo_g/status/1702508033983791375
# Reference: https://www.virustotal.com/gui/file/149dc877de7fe63d793d487b91c9325cfd99a0d17916d364054fbba5db375123/detection

duasdamanhaaa.space
sociedadepoema.com
eaiog.sociedadepoema.com
w3oavr.duasdamanhaaa.space

# Reference: https://twitter.com/Merlax_/status/1727434275866218602

5.252.178.28:3000
waiajr.tartarugarepteis.sa.com 
2buie2.serpenterepteis.sa.com
eeaiar.iguanarepteis.sa.com
tpoi5i.cargadorepteis.sa.com 
3iafw.crocodilorepteis.sa.com
6yuar1.iguanarepteis.sa.com 
6tuoe7.dragaodekomodorepteis.sa.com
r1uoet.dragaodekomodorepteis.sa.com
dwac4.cobrarepteis.sa.com
7waord.tegurepteis.sa.com
dwadp.jacarerepteis.sa.com
3gafi.jacarerepteis.sa.com 
ozag2.tartarugarepteis.sa.com
e2uiea.cobrarepteis.sa.com
tseaw6.serpenterepteis.sa.com
wuia7t.tegurepteis.sa.com
lweu2m.lagartorepteis.sa.com
r1uine.crocodilorepteis.sa.com
e9uuer.lagartorepteis.sa.com
tqiafm.cargadorepteis.sa.com
t6ouqf.jocavaitipegar.top
eeae4w.fazendaparaisoverdeazen.sa.com
otiott.camilemodaevarejo.shop
eeoq7.urniaremobento.pics
awaou.higienopolis.motorcycles
5ma74.rosauranapoleoquintanilha.pics
7fuawp.ceomonetario.bio
mwa2n.fazendaterranovaazen.sa.com
tia8t.ramojulianalousado.pics
npaiet.fazendapedrabrancaazen.sa.com
rzaag.fazendasantaluziaazen.sa.com
sbaoh.rosauranapoleoquintanilha.pics
7waa3d.jocavaitipegar.top
8tui34.ativosprincipais.pics
uwou8p.fazendavidafloresl.homes
nwad7.pegaessaarromba.top
tia8t.ramojulianalousado.pics
cuaiet.fazendaserranegraazen.sa.com
waeie8.rosauranapoleoquintanilha.pics
afar5.pegaessaarromba.top
noiae9.vemquemtemlasquiado.top
fda2m.viacuriosity.bond
yweern.chucrutedadilmao.live
raipg.quirinoroquedias.makeup
ayuor5.seguraseulasquiado.top
jviunr.fazendaparaisoverdeazen.sa.com
tvplahbuo88.topcrekefwejfiwhefi.tokyo
tartarugarepteis.sa.com 
serpenterepteis.sa.com
iguanarepteis.sa.com
cargadorepteis.sa.com 
crocodilorepteis.sa.com
iguanarepteis.sa.com 
dragaodekomodorepteis.sa.com
dragaodekomodorepteis.sa.com
cobrarepteis.sa.com
tegurepteis.sa.com
jacarerepteis.sa.com
jacarerepteis.sa.com 
tartarugarepteis.sa.com
cobrarepteis.sa.com
serpenterepteis.sa.com
tegurepteis.sa.com
lagartorepteis.sa.com
crocodilorepteis.sa.com
lagartorepteis.sa.com
cargadorepteis.sa.com
jocavaitipegar.top.
fazendaparaisoverdeazen.sa.com
camilemodaevarejo.shop
urniaremobento.pics
higienopolis.motorcycles
rosauranapoleoquintanilha.pics
ceomonetario.bio
fazendaterranovaazen.sa.com
ramojulianalousado.pics
fazendapedrabrancaazen.sa.com
fazendasantaluziaazen.sa.com
rosauranapoleoquintanilha.pics
jocavaitipegar.top
ativosprincipais.pics
fazendavidafloresl.homes
pegaessaarromba.top
ramojulianalousado.pics
fazendaserranegraazen.sa.com
rosauranapoleoquintanilha.pics
pegaessaarromba.top
vemquemtemlasquiado.top
viacuriosity.bond
chucrutedadilmao.live
quirinoroquedias.makeup
seguraseulasquiado.top
fazendaparaisoverdeazen.sa.com
topcrekefwejfiwhefi.tokyo

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2023-12-11-IOCs-for-Astaroth-Guildma-activity.txt

lavacelullares.pro
vertucelullares.pro
gaa7r.lavacelullares.pro
twio0t.vertucelullares.pro

# Reference: https://twitter.com/Merlax_/status/1743380172768784598
# Reference: https://pastebin.com/raw/yh2ePsr6

http://149.78.186.128
http://159.203.113.144
http://167.172.236.210
http://167.99.214.26
http://207.244.233.45
http://34.118.142.199
http://34.118.187.175
http://34.125.136.201
http://34.125.34.226
http://34.130.139.24
http://34.130.51.60
http://34.135.1.100
http://34.165.12.234
http://34.172.209.114
http://34.18.1.101
http://34.18.27.4
http://34.18.34.223
http://34.28.151.63
http://34.38.176.96
http://34.64.164.122
http://34.66.198.234
http://34.95.150.183
http://34.95.56.154
http://34.97.132.7
http://35.192.19.119
http://35.202.253.62
http://35.203.112.79
http://35.203.28.224
http://35.225.207.153
http://35.238.184.120
149.78.186.128:443
159.203.113.144:443
167.172.236.210:443
167.99.214.26:443
207.244.233.45:443
34.118.142.199:443
34.118.187.175:443
34.125.136.201:443
34.125.34.226:443
34.130.139.24:443
34.130.51.60:443
34.135.1.100:443
34.165.12.234:443
34.172.209.114:443
34.18.1.101:443
34.18.27.4:443
34.18.34.223:443
34.28.151.63:443
34.38.176.96:443
34.64.164.122:443
34.66.198.234:443
34.95.150.183:443
34.95.56.154:443
34.97.132.7:443
35.192.19.119:443
35.202.253.62:443
35.203.112.79:443
35.203.28.224:443
35.225.207.153:443
35.238.184.120:443

# Reference: https://twitter.com/JAMESWT_MHT/status/1744653115385594089
# Reference: https://app.any.run/tasks/4cd863f0-fd93-4d9b-af97-fea94d5703f3/

marioadvisory.my.id
opportunityvalue.biz.id
eeiul.marioadvisory.my.id
p8atj.opportunityvalue.biz.id

# Reference: https://twitter.com/JAMESWT_MHT/status/1744790404568912127
# Reference: https://app.any.run/tasks/59c7e045-fb1c-4a19-a235-e8a96fb287c3/
# Reference: https://app.any.run/tasks/846f81d6-9648-48f8-8e9b-89a620679a55/

actiongroup.my.id
mariostrategy.my.id
nextmax.my.id
nweow8.mariostrategy.my.id
w3iuwl.nextmax.my.id
yaiinr.actiongroup.my.id

# Reference: https://www.malware-traffic-analysis.net/2023/12/11/index.html

18.228.115.60:27156
18.229.146.63:27156
18.229.248.167:27156
18.231.93.153:27156
54.94.248.37:27156
lavacelullares.pro
vertucelullares.pro
gaa7r.lavacelullares.pro
twio0t.vertucelullares.pro

# Reference: https://twitter.com/JAMESWT_MHT/status/1749395132967710818
# Reference: https://app.any.run/tasks/5b8bc533-6c8a-4754-ae5b-e938d2954174/

18.228.115.60:26885
18.229.146.63:26885
18.229.248.167:26885
18.231.93.153:26885
54.94.248.37:26885
businesswise.biz.id
caiiaf.businesswise.biz.id

# Reference: https://twitter.com/JAMESWT_MHT/status/1747951986341789884
# Reference: https://app.any.run/tasks/6cf40ef8-b674-49ab-8580-825245ac433f/

managementresults.biz.id
mariosolutions.biz.id
cua3e.mariosolutions.biz.id
whatd.managementresults.biz.id

# Reference: https://twitter.com/JAMESWT_MHT/status/1758459802395492709
# Reference: https://app.any.run/tasks/2913f9dd-9ccc-4f68-baf6-3ea5d643625a/
# Reference: https://www.virustotal.com/gui/file/827012f1d94489112a48885209300f87ed6d5b3df77fe5883948742690a64a5f/detection
# Reference: https://www.virustotal.com/gui/file/cee86f2dde8c3507ac20eac299d412e2e8baef99b0321ece1978055ac893c7d9/detection

globalnetwork.my.id
innovationstrategy.biz.id
8saoev.innovationstrategy.biz.id
bsier9.globalnetwork.my.id
h6oehr.globalnetwork.my.id
r9ou2v.innovationstrategy.biz.id

# Reference: https://twitter.com/Tac_Mangusta/status/1757329882936131733
# Reference: https://www.virustotal.com/gui/file/48007bb83b738cbf39b3e104ff557bd0c7ba9da25f8596e2979a3ebf8a16fb27/detection

managementresults.biz.id
7jiu5v.managementresults.biz.id
whatd.managementresults.biz.id

# Reference: https://app.any.run/tasks/efed41ed-b0c9-40c4-986c-a7235421969f/

18.228.115.60:19080
18.229.146.63:19080
18.229.248.167:19080
54.94.248.37:19080

# Generic trails

/Seu7v130a.xsl