diff --git a/misp_modules/modules/expansion/dnstrails.py b/misp_modules/modules/expansion/dnstrails.py
index d2fd5e1..ffb4055 100644
--- a/misp_modules/modules/expansion/dnstrails.py
+++ b/misp_modules/modules/expansion/dnstrails.py
@@ -2,6 +2,7 @@ import json
 import logging
 import sys
 from dnstrails import DnsTrails
+from dnstrails import APIError
 
 log = logging.getLogger('dnstrails')
 log.setLevel(logging.DEBUG)
@@ -163,9 +164,31 @@ def expand_domain_info(api, misperror,domain):
                                   results['current_dns']['soa']['first_seen'])
                       })
 
-
     return r, status_ok
 
+
+def expand_subdomains(api, domain):
+
+    r = []
+    status_ok = False
+
+    try:
+        results = api.subdomains(domain)
+
+        if results:
+            status_ok = True
+            if 'subdomains' in results:
+                r.append({
+                    'type': ['domain'],
+                    'values': ['%s.%s' % (sub,domain) for sub in results['subdomains']],
+                }
+
+                )
+    except APIError as e:
+        misperrors['error'] = e
+    return r, status_ok
+
+
 def introspection():
     return mispattributes