http://colisumy.com/dl/build2.exe - rule_id: 31026
http://zexeq.com/raud/get.php?pid=06280D9CD13939E9B7E95CDCAA6A83CC&first=true - rule_id: 31029
http://116.203.165.188/9dfa7ee730fa2f1efb5ed51dbbec22f5
http://116.203.165.188/
http://zexeq.com/files/1/build3.exe - rule_id: 27913
http://116.203.165.188/config.zip
https://steamcommunity.com/profiles/76561199263069598 - rule_id: 32753
https://t.me/cybehost

t.me(149.154.167.99) - mailcious
colisumy.com(175.119.10.231) - malware
api.2ip.ua(162.0.217.254)
steamcommunity.com(69.192.92.139) - mailcious
zexeq.com(201.124.218.111) - malware
149.154.167.99 - mailcious
23.37.146.163
123.140.161.243 - mailcious
162.0.217.254
116.203.165.188
222.236.49.124

ET POLICY External IP Address Lookup DNS Query (2ip .ua)
ET INFO TLS Handshake Failure
ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)
ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key
ET MALWARE Win32/Filecoder.STOP Variant Public Key Download
ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
ET MALWARE Win32/Vodkagats Loader Requesting Payload
ET INFO Observed Telegram Domain (t .me in TLS SNI)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Dotted Quad Host ZIP Request

http://colisumy.com/dl/build2.exe
http://zexeq.com/raud/get.php
http://zexeq.com/files/1/build3.exe
https://steamcommunity.com/profiles/76561199263069598