Astaroth
· Published 21/12/2025 02:52 · Modified 21/12/2025 02:52
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 02:52
- Modified: 21/12/2025 02:52
- Updated at: 21/12/2025 02:52
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 1 reports, 31 attack patterns (mitre), 4 malware, 1 sectors, 14 countries, 86 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (1)
- 1 MITRE, 2 malwares, 20 observables, 1 APT · Published 08/01/2026 18:12 · Modified 09/01/2026 09:36
Attack patterns (MITRE) (31)
- T1074.001 uses Local Data Staging
- T1140 uses Deobfuscate/Decode Files or Information
- T1074.002 uses Remote Data Staging
- T1056.001 uses Keylogging
- T1071 uses Application Layer Protocol
- T1027 uses Obfuscated Files or Information
- T1573.001 uses Symmetric Cryptography
- T1588.002 uses Tool
- T1547.001 uses Registry Run Keys / Startup Folder
- T1588.001 uses Malware
- T1059.001 uses PowerShell
- T1560 uses Archive Collected Data
- T1036.003 uses Rename Legitimate Utilities
- T1027.002 uses Software Packing
- T1573 uses Encrypted Channel
- T1204.002 uses Malicious File
- T1003.001 uses LSASS Memory
- T1102.002 uses Bidirectional Communication
- T1059.003 uses Windows Command Shell
- T1083 uses File and Directory Discovery
- T1071.001 uses Web Protocols
- T1036 uses Masquerading
- T1571 uses Non-Standard Port
- T1059.006 uses Python
- T1078 uses Valid Accounts
- T1059.005 uses Visual Basic
- T1055 uses Process Injection
- T1003 uses OS Credential Dumping
- T1132.001 uses Standard Encoding
- T1566 uses Phishing
- T1102.003 uses One-Way Communication
Malware (4)
- Ousaban
- Astaroth - S0373 uses Family · Published 19/05/2026 22:26 · Modified 19/05/2026 22:26
- Guildma uses Family · Published 19/05/2026 22:26 · Modified 19/05/2026 22:26
- Mekotio uses Family · Published 19/05/2026 22:26 · Modified 19/05/2026 22:26
Sectors (1)
- Finance targets
Countries (14)
- Mexico targets
- Argentina targets
- Ecuador targets
- Chile targets
- Brazil targets
- Italy targets
- Peru targets
- Portugal targets
- Bolivia, Plurinational State of targets
- Colombia targets
- Paraguay targets
- Uruguay targets
- Panama targets
- Venezuela, Bolivarian Republic of targets
Indicators (86)