search

chartingshow / crypto-firewall

🎁 Blocks browser-based crypto mining, cryptojacking, banking and crypto malware and phishing websites, apps and hackers command-and-control (C2) servers.
GNU General Public License v3.0
7 stars 0 forks source link

Block these three banking trojans: `Astaroth` / `Guildma`, `Mekotio` and `Ousaban` #446

Closed summercms closed 4 months ago

summercms commented 4 months ago

Enhancement idea

Description

Since September 2023, we have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans. Some of the highest volume campaigns recently observed were being used to deliver the Astaroth, Mekotio, and Ousaban banking trojans to victims largely located in Latin American countries. We have also observed lower volume campaign victims located throughout Europe and North America, which may indicate less geographically focused targeting by threat actors moving forward. The current variant of Astaroth targets more than 300 institutions across 15 Latin American countries.

image

Links

https://blog.talosintelligence.com/google-cloud-run-abuse/

https://storage.googleapis.com/blogs-images/ciscoblogs/1/2020/05/85f1cf8c-astaroth_domains.txt

https://threatfox.abuse.ch/browse/malware/win.astaroth/

https://threatfox.abuse.ch/browse/malware/win.mekotio/

https://threatfox.abuse.ch/browse/malware/win.ousaban/

IOC

I2P websites

n/a

IPFS websites

n/a

Tor2web websites

n/a

TOR websites

n/a

URL's

n/a

Folders

n/a

Sub-Domains

n/a

Domains

021oiyzis.ml
1f5tunhpi.ml
1gb.ru
32lpn3ft7eph05.com.de
4nk7h3s453b019.com.de
6zs1njbw.ml
7ymboe33m.cf
7zip.golf
81rc4uw1b4roh99dmn.cf
84m4bl423.space
88zpv47nuh09wq7.ml
896pc6x93.gq
909nu3dx3rgk13.com.de
9f3rr2tzu2zm14.com.de
a01mt584zk32sw1.ml
a4haub65wwq002.com.de
abarth.beauty
abncient.za.com
aboutnetworkcorporation.com
accountinformation.buzz
accountt.download
actiongroup.my.id
adepitagoras.beauty
adollfhitler.app
aduncjrsi.life
alenksysteme.one
alexabell.cfd
alfaromeo.beauty
aliciapricemd.mom
alineflviovilach.top
allssdapace.makeup
amadeumanuelamoura.top
amandafix.space
amandafix.tech
amanronxykri.com
andreapeterson.cfd
anexo.monster
anitagaribaldi.app
antonellaaliciaassisfindout.fun
antonellagoncalvestemp.cfd
antoniobenjamindacunharedex.yachts
aquitroca.com.br
asfamor.beauty
asth.app
astonarin.beauty
audfsi.makeup
audiods.beauty
averotable.top
avertedsnt.top
aylawyabaza.cfd
baixinho11.cf
bambuzalfeliz.makeup
bantqr8rrm9c11.com.de
barulhodechuva.makeup
batigol.ga
baveruttery.top
baviolent.za.com
bbbcrowded.sa.com
beldsezas.beauty
belesdaszas.beauty
belezfasturais.beauty
benciotaerl.one
bentldas.beauty
bffr.space
bghyh.cf
bhmkigfse.beauty
bifrostsr8.app
bigmonster.one
billgates.app
bkkfhxjqn.monster
blogchief.tk
bnghjh.ml
bobadorato.autos
bobadorato.beauty
bobadorato.boats
bobadorato.makeup
boludo.online
bomboxmuitoalta.autos
bomboxmuitoalta.beauty
bomboxmuitoalta.boats
bomboxmuitoalta.makeup
bqhhkskop.ink
brendalaramouragoldenhotel.team
brigaderua.ml
bubbaoff.press
bugatti.beauty
businesswise.biz.id
buttery.top
buumm.com.br
bvgtt5.gq
bvijuoi.ml
bydmex.top
c3v4b5n6m7j89i.tk
caasdoa.makeup
calebjuandossantosdddrin.hair
cardgoal.makeup
cardosoyahoo.eu
carnegiemonster.app
carolinaclarameloveraparodi.autos
catrinavc.shop
cauajuanmartinsdesari.cfd
caverlassic.top
caverontent.top
cbryt.buzz
centrofinanceirosa.com.de
cg29lhgyrqen08.com.de
chartublf.sbs
chasdaey.makeup
cheirodeterra.makeup
chsasdevrolet.makeup
clientesdawebs.icu
cloudgusson.live
cloudivox.info
cloudkknet.pro
cloudphonoway.online
cmfot.ml
cobrazoom.top
commander.beauty
compradigital.tech
comptech8a.com
conceitosdemoda.makeup
coneticvoice.makeup
construtoraepul.icu
contedsnt.top
controladorweb.com.ru
controleadminempresarial.top
coppernote.tech
coragem.cf
cordeiromaquinas.one
corp73p5dao.com.de
costelinha.tk
countrypress.yachts
creativeplus.my.id
cuniform.top
cynthiawilliams.mom
daamazing.za.com
daltonfrazier.cfd
daluzaccor.hair
danielcooper.mom
datadiscord.hair
daverecimal.top
davidashley.cfd
deliciousprime.cf
donasdada.beauty
dougfunnie.cf
douglashoward.mom
driverss.tk
ebertoebryanpadariame.pro
edmondhalley.app
edwardgregory.mom
eeeknowing.sa.com
eficienciaempresarial.top
eleavergant.top
endacavanagh.cam
engesoftware.site
enixlocadora.online
enrols.ga
ertr.space
espacocontabilrec.one
estiletelivros.shop
estilingulivrose.shop
estojlivrosodepintura.shop
estojodemaquiagem.shop
estojolivrosdelapis.shop
estriblivroso.shop
etiquelivrosta.shop
eugeneblair.cfd
euhbhpjug.cyou
eversystems.cyou
evokgtis.gq
exameoldeaion.one
examesesaude.one
exauslivrostor.shop
exnet.su
extensaeletrica.shop
extilivrosntor.shop
f6zn4bt4525p04.com.de
fabianarezende91corp.live
fafdfweh.makeup
famatextil.online
fanaticallao.site
fanticoelaterra.makeup
fatalerror.cf
fatura-vivo-combr.online
fatura.tech
fazendaazuladinho.makeup
fd85jg5cetko03.com.de
fearful.top
felasuthir.one
fenomeno.gq
fernandesx.com.br
fheyo.ga
fheyo.ml
fhff.space
financeiroltda.golf
finortexes.makeup
fiscal.monster
fjcpbmmjl.boats
fortressbrain.sbs
freerangestock.makeup
from-mt.com
from-oh.com
from-wy.com
ftmes.lol
ftmsistemas.hair
fusionwin.top
g4cpq4xcz.ml
gamesstartf.xyz
gaqueabelhaekaliltacome.site
garndennpaz.com.de
gautamabuddhaa.app
gawelcome.za.com
gdfcd.cf
gerenciadorvirtual.com.ru
gerenciadorweb.com.ru
gerenciaestrategica.top
gerenteempresarial.voyage
gestaodenegocios.monster
gfhh.space
gfmileniumdez.info
gilvanley.hair
gkz9877oj.gq
glavereeful.top
gleeful.top
globalwaves.hair
glothiralha.me
glothiralha.net
grotesque.beauty
grucloudpress.site
grvyj.ml
gtasanandres.tk
haorderly.za.com
hardening.hair
heitorcaldeiraunitower.bond
heloisemonteiroieee.digital
henryford.app
hentermax.com.de
hfarinhadester.pro
hidratacaocapilar.makeup
hidrosolar.space
hildecuthrattrarg.makeup
hiltodrargbeorn.hair
hko1yucr.ga
hmf8qij2.gq
homelinux.com
homelpd6099.xyz
horfehumaisum.com.de
hugoeyagomucasltda.shop
hxpdqfcqk.autos
hyhfv.ml
iasubdued.za.com
indelible.beauty
ingenariamax.one
iolandaolviosobreira.top
ipanemanet.com.br
irparternoblee.life
is-a-hunter.com
is-a-rockstar.com
isa-geek.com
issmarterthanyou.com
iurigagarin.app
jackbowman.cfd
jagspqyoaea.top
jardimboty.com
javelvety.za.com
jeffreyray.cfd
jenniferelainegalvaoasconinternet.mom
jenniferwilson.top
jeremiasmiriambrum.top
jeromedelgado.top
jfghjudeep.beauty
jghkju.ml
jgttg.cf
jkjqpjsiar.top
jorgeweb.com.br
joridicoanagomes.shop
jpojangelic.sa.com
jpz9w9yw7.ga
juansouzaimobideal.team
juisama5.tk
justinhart.top
k8cf0j5u.cf
kaligodfrey.casa
karaburton.cfd
karlatownsend.cfd
karlmarxx.app
khagt.mom
kixmgxjxz.ga
kounrz.cfd
ktms13gb.ga
kwamenkrumah.app
lafgarbeorn.hair
lafokava.yachts
latoyamoore.top
lbsaokfjeb.top
leadershiplink.my.id
leofgrenriscrom.homes
liderfinancesa.com.de
lielvul.one
ligthvert.click
likes-pie.com
likescandy.com
liliveiculosltda.homes
liliveiculosltda.life
liliveiculosltda.link
liliveiculosltda.mom
liliveiculosltda.world
lindalopez.mom
linharara.me
ljkmaa.ga
lkjq5t5bqtol06.com.de
louispasteur.app
loyalteam.top
lupgameso.xyz
lviacndidapinho.top
mahkus.cfd
malceon.yachts
manronxykrionline.com
marioadvisory.my.id
marioanalytics.my.id
mariomanagement.biz.id
mariosolutions.biz.id
mariostrategy.my.id
marmalade.hair
massaveveiculosltda.beauty
massaveveiculosltda.mom
massaveveiculosltda.yachts
matiasbrdez.com.de
matrugrupol.com
matthewmathis.mom
mdbox.one
megansmith.mom
megate.top
megaurbia.space
michellemartinezdds.mom
michelleshepherd.one
ministerfic.top
mjllfuytze.top
mnjkol.gq
monalisapicture.app
mondroushi.com
mosaiccolor.skin
mousaa.hair
movcr.ml
ms78.online
ms78.site
namokwow.gq
naovemdegarfonasopa.app
natfgt.gq
nathanielcastro.one
nauan.cfd
naverotable.top
nervously.makeup
networksoluction.click
newriderbrs.ml
newriderbrs.tk
nfiru.buzz
nfiru.monster
nfiru.site
nfiru.website
nfiru.xyz
nghny.tk
nhgj.ml
nixcontact.store
north-kazakhstan.su
notas-fiscais.com
nubucoha.makeup
nuevo2gameslop.xyz
nuevoconceti.xyz
nyjur.tk
nz5heahrw4dchm4wgp.ml
objectstream.ga
oktrabalhox021.ml
onmicrosoft.pro
operacional2019.services
orbag.sbs
organizacaoempresarial.top
orweb.yachts
osieofcorizon.fun
p6nkq.ga
p6nkq.ml
p6nkq.tk
paneladepressao.autos
paneladepressao.boats
patiently.makeup
patriciastark.cfd
paverotable.top
peppery.top
pharthenonplus.info
phonecloud.website
phonecocloud.website
phoneking.sbs
photonet.life
phseventos.store
pitagoras.app
planejamentoempresarialon.top
plussizeafter.gq
podsorocabaoficial.com.br
produtoeletro.my.id
produtosagricolas.skin
proevolution.ml
projetovigoroustein.host
prosistemfinancesa.com.de
questfor.top
quotation.hair
qxlkjymdph.top
r4uamrr7fueez.cf
r4uamrr7fueez.ga
randycollins.one
relicutils.top
repicdominic.xyz
representanteanaliz.life
rexxprhqnxk.buzz
rfzzglnkanb.top
rhondawatson.cfd
ribbitcuckoo.cfd
riosasgrosso.makeup
riskrumcongifu.makeup
roasted.top
robertlee.cfd
rodneyfoster.one
rodneygarcia.boats
rodoplanvix.info
rolexcity.bond
ronabetla.com
royaltybel.top
rqawppubzzx.top
run.app
ruthhogan.cfd
ruthipen.com.br
rwmaz1ewk6lk18.com.de
ryanmiles.boats
salko.gq
salvadorddalii.app
sandraporelli.com.br
saruhash.cfd
sathdusdaisybou.site
selfip.com
sellpower.top
sellsyourhome.org
senarmt.online
seuamor.online
seuamor.xyz
seusistemafinanceirosa.com.de
sfinanceirosa.com.de
sfinances.com.de
shelankul.mom
shelhamph.cfd
sherriroberts.boats
simmonitor.gq
sistemafinanceirosa.com.de
sistemcredita.com.de
sistemit.top
soelines.makeup
solfrio.tech
somaepromo.cloud
sometimes.makeup
spfsdin.makeup
stelarekauetelecome.info
stevejobsiphone.app
stupidity.hair
stylediamond.top
sysofficereconsiderar.com
systemadminister.institute
tabcoperoo.sbs
tanyamiller.cfd
tapetesgratuitos.makeup
teaworks.sbs
tecnofinancesa.com.de
terrybanks.boats
thargwicone.icu
theitchjasmine.online
therockefeller.app
thesweltering.cfd
thramonor.com
thukthanric.beauty
thunmuschet.com
tiendalatina.top
tigaasfgo.makeup
tigfswauan.makeup
tipvine.site
tjeme.com.mx
topglassfull.tk
trigobats.com
tripwiresan.top
turonbats.com
u9gq2b6u4iah07.com.de
uiofcikttzxnz.ml
unkempt.top
untried.top
urbanred.click
vabelhaekaliliousmmelarta.shop
vandisillusioned.casa
vanexchange.online
vanexuberant.top
vaninsidious.sbs
vannisteroy.cf
vararaknath.quest
vastercenterbr.com.de
vc0038oti94ikr954.ml
vcsczxsa.ga
vdfrt.ml
velhocego.app
vengefulsama.site
venumxmasz.club
vesfallerdez.com.de
vfevg.tk
vgfcn.ml
virddtual.top
vitalicious.tk
vitubtiagobuffetme.mobi
vladimir.ru
vofdwelkswagen.makeup
vonfierce.sbs
vzaquillesjkd.mobi
wb60ycll.ml
weaverlcome.top
winningeleven3.re
wiontechieq.bio
wke9c2ebsdoe15.com.de
woeteasene.one
worriedly.makeup
worthless.beauty
wulfhalconncromm.homes
wyekszloldhc.cfd
xczsrg.cf
xjpmorganx.app
xsarb.cf
xsbuqy.tk
xsvgcf.cf
xwcrfcv.ga
xxapocalipsexx.space
xyanavegador.makeup
xyzsystemads.cf
yi7qlaice.cf
yrqcxhixmoxp.cfd
zapaosnester.com
zasdfer.ga
zasdfer.gq
zmalkd.tk
zoicsson.yachts

IP's

102.37.141.218
102.37.146.123
102.37.152.149
102.37.155.46
103.145.13.111
107.158.94.13
137.135.127.65
139.144.212.143
139.144.212.88
140.99.223.103
146.0.79.23
146.0.79.25
15.228.13.156
15.228.16.45
15.228.46.182
15.229.1.40
15.229.26.142
158.69.110.219
167.114.4.172
172.174.70.30
172.86.70.241
173.209.59.170
18.118.78.11
18.223.102.186
18.231.161.239
181.41.200.72
185.101.92.25
185.101.92.9
185.101.93.102
185.101.93.138
185.101.93.170
185.101.93.178
185.101.93.181
185.101.93.192
185.101.93.63
185.101.93.95
185.101.94.126
185.101.94.149
185.101.94.186
185.101.94.22
185.225.74.100
185.250.205.88
185.74.222.7
188.191.106.171
191.235.78.80
191.6.210.101
20.121.119.89
20.197.233.142
20.197.233.196
20.201.114.109
20.203.196.228
20.226.249.209
20.239.166.4
20.244.39.91
20.25.181.202
20.38.37.160
20.5.65.48
23.102.139.85
23.102.184.147
23.102.91.186
24.152.36.75
31.192.107.165
31.192.107.193
34.135.1.100
34.176.182.245
34.29.127.135
34.74.162.235
35.226.160.162
37.120.222.88
37.228.132.123
37.228.132.153
37.228.132.199
37.228.132.205
37.228.132.206
37.228.132.207
37.228.132.40
37.228.132.91
38.54.45.105
38.54.57.153
4.240.84.251
45.143.223.193
45.35.6.2
45.40.96.241
45.66.249.14
45.81.224.52
45.87.3.238
5.181.156.86
50.114.32.234
51.120.247.2
52.67.134.119
64.44.101.158
72.167.133.152
72.167.141.220
78.47.145.94
80.190.75.44
80.85.139.45
80.89.239.12

Emails

n/a

Wallet addresses

n/a

Mining pool addresses

n/a