Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 8, 2023, noon	Oct. 8, 2023, 12:02 p.m.

Size	933.5KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`6e45986a505bed78232a8867b5860ea6`
SHA256	`c957aa07aa1dd6d58aff2431b56b2139a0c2d5d6b34d20a978767e0daab58829`
CRC32	`9E7D6A33`
ssdeep	`12288:K72HTp/D0DpEE3M51qvii3mmm6AV5Cqylkg5ZQnXlV5Za5Za5Zj:GA4JM5kRhAVdcpmt44F`
PDB Path	mblctr.pdb
Yara	UPX_Zero - UPX packed file Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE64 - (no description) Generic_Malware_Zero - Generic Malware

ss47.exe "C:\Users\test22\AppData\Local\Temp\ss47.exe"
2540

Name	Response	Post-Analysis Lookup
z.nnnaajjjgc.com	A 156.236.72.121	156.236.72.121

IP Address	Status	Action
156.236.72.121	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49161 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49163 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49164	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49166 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49167 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49168	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49170 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49171 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49174 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49172	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49180	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49179 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49175 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49176	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49182 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49178 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49184	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49188	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49183 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49186 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49190 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49195 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49192 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49193	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49200 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49227 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49204 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49233	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49208 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49241	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49187 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49199 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49212 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49205	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49213	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49197	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49196 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49211 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49219 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49243 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49244 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49203 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49220 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49245	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49215 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49223 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49252 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49217	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49229	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49255 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49221	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49231 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49264 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49224 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49271 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49247 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49225	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49249	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49287 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49228 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49292 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49260 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49232 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49261	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49296 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49236 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49297	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49268 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49248 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49299 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49275 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49263 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49305	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49277	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49269	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49309	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49283 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49279 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49312 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49293	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49281	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49317	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49308 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49301	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49327 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49303 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49319 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49335 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49359 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49253	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49347 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49373	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49367 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49257	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49207 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49265	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49237	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49273	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49239 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49276 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49240 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49284 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49251 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49291 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49256 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49300 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49267 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49311 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49280 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49315 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49288 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49316 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49289	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49295 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49320 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49304 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49307 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49332 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49321	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49333	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49323 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49331 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49328 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49336 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49337	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49351 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49401	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49343 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49349	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49381	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49407 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49352 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49392 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49364 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49397	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49413	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49368 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49399 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49417	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49403 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49353	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49201	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49355 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49209	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49423 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49356 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49344 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49424 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49375 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49216 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49387 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49427 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49405	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49429	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49445	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49408 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49436 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49409	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49448 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49235 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49415 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49419 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49259 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49456 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49420 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49272 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49285	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49437	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49463 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49313	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49441	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49324 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49444 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49465	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49325	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49452 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49329	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49455 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49469	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49447 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49360 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49473	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49451 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49369	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49453	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49339 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49475 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49340 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49388 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49481	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49391 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49484 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49341	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49404 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49361	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49495 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49416 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49363 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49443 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49345	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49449	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49507 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49348 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49467 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49357	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49485	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49365	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49511 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49371 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49497	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49512 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49372 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49501	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49376 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49508 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49380 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49519 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49460 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49383 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49468 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49488 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49524 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49489	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49499 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49491 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49503 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49493	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49515 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49500 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49528 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49509	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49531 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49535 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49532 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49377	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49539 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49379 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49516 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49385	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49521	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49393	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49523 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49395 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49525	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49421	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49425	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49543 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49428 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49431 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49433	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49435 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49544 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49439 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49440 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49545	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49457	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49464 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49547 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49476 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49551 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49384 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49389	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49561	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49552 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49396 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49559 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49400 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49565	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49563 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49548 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49411 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49549	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49412 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49573	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49432 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49555 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49459 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49576 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49569	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49461	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49560 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49577	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49471 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49472 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49477	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49580 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49479 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49583 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49567 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49584 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49589	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49480 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49587 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49487 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49605	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49492 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49609	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49527 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49620 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49529	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49624 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49533	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49639 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49536 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49581	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49597	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49540 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49600 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49564 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49593	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49568 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49607 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49571 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49623 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49572 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49608 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49627 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49575 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49628 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49579 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49631 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49588 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49641	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49611 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49657	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49632 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49672 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49645	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49655 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49688 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49659 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49669	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49675 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49677	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49705	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49680 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49681	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49709	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49684 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49697	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49711 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49701	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49712 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49704 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49715 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49717	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49733	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49739 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49613	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49625	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49755 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49637	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49759 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49741	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49640 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49768 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49761	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49643 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49772 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49647 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49767 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49779 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49661	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49769	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49773	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49671 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49781	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49687 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49785	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49691 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49483 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49496 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49648 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49504 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49505	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49513	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49660 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49517	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49520 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49537	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49668 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49799 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49692 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49804	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49792 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49708 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49585	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49719 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49591 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49724 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49595 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49725	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49599 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49728 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49541	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49731 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49553	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49745	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49556 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49787 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49557	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49788 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49592 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49791 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49795 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49596 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49796 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49615 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49803 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49616 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49617	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49695 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49696 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49619 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49699 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49636 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49700 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49644 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49720 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49649	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49721	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49651 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49673	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49752 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49676 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49685	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49693	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49703 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49729	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49735 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49737	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49743 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49749	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49757	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49760 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49763 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49771 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49797	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49601	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49603 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49604 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49612 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49621	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49764 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49765	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49629	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49775 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49780 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49783 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49784 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49633	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49789	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49635 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49652 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49653	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49656 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49663 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49664 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49665	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49667 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49679 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49683 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49689	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49707 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49713	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49716 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49723 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49727 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49732 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49736 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49740 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49744 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49747 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49748 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49751 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49753	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49756 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49776 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49777	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49793	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49806 -> 156.236.72.121:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

mblctr.pdb

The file contains an unknown PE resource name possibly indicative of a packer (2 events)

resource name	MUI
resource name	WEVT_TEMPLATE

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 8, 2023, 11:52 a.m.	process_identifier: 2540 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000ffe86000 process_handle: 0xffffffffffffffff	1	0	0

File has been identified by 43 AntiVirus engines on VirusTotal as malicious (43 events)

Bkav	W32.Common.388B0D59
Lionic	Trojan.Win32.Fabookie.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.DownLoader45.63815
MicroWorld-eScan	Trojan.GenericKD.69589446
ALYac	Trojan.GenericKD.69589446
Malwarebytes	Malware.AI.152705008
Alibaba	Trojan:Win64/GenKryptik.90bcf2b0
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Generic.D425D9C6
VirIT	Trojan.Win64.Agent.XD
Cyren	W64/ABRisk.VDXE-4132
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win64/GenKryptik.GMMZ
APEX	Malicious
Cynet	Malicious (score: 99)
Kaspersky	Trojan.Win32.Fabookie.bvu
BitDefender	Trojan.GenericKD.69589446
NANO-Antivirus	Trojan.Win64.Fabookie.kbtvtx
Avast	Win64:Malware-gen
Tencent	Win32.Trojan.Fabookie.Dzlw
Emsisoft	Trojan.GenericKD.69589446 (B)
F-Secure	Trojan.TR/AD.Swrort.vmdvv
VIPRE	Trojan.GenericKD.69589446
McAfee-GW-Edition	RDN/Generic Downloader.x
FireEye	Trojan.GenericKD.69589446
Sophos	Mal/Generic-S
Avira	TR/AD.Swrort.vmdvv
MAX	malware (ai score=89)
Gridinsoft	Trojan.Win64.Gen.bot
Microsoft	Trojan:Win64/Znyonm
ZoneAlarm	Trojan.Win32.Fabookie.bvu
GData	Trojan.GenericKD.69589446
Google	Detected
AhnLab-V3	Malware/Win.Generic.C5465291
McAfee	RDN/Generic Downloader.x
Cylance	unsafe
Panda	Trj/Chgt.AD
Rising	Downloader.Agent!8.B23 (TFE:2:EmnL0dJ0FNC)
Ikarus	Trojan.SuspectCRC
Fortinet	W64/GenKryptik.GMMZ!tr
AVG	Win64:Malware-gen
DeepInstinct	MALICIOUS

ss47.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All