https://bbuseruploads.s3.amazonaws.com/92650141-3771-4ef6-8487-a8ce5ad2e240/downloads/03f126aa-6017-4520-92a2-c8112a6addd7/Task24Watch.exe?response-content-disposition=attachment%3B%20filename%3D%22Task24Watch.exe%22&AWSAccessKeyId=ASIA6KOSE3BNDUXZPH56&Signature=avwBuxkhd4Xgyixj2PMoYGET0Cg%3D&x-amz-security-token=FwoGZXIvYXdzEC4aDEMf0%2F1ULRFra9C9SSK%2BAbVGxqOnGdvkQMEFBU0%2FF5kg6%2F4%2B0yBwTTPvUtiH8w9tjKMGuLIxouTSkyQPrmjHeqIuFXZoArYMHNan31MSIqcqQKgid1H5NS8ddkcKVW%2BhLj3OrmzhfPqif6CPZl1d6fUMX6wNPUdFX9ck2y7y2tn%2FGpmOAG2M5LDLEVeKC6yW1z5uxNT3isa69%2FTZk1uGwRJuKOV%2BvKyorHoxEf9ndewrbcqH4XNC38rhiWOPr9jrq5IEKnCVSHKkGvwUvSYo64%2FRnwYyLQEHG3flYspuy3K0djwJevY7Qp07PgKYmJk9mkBYg1wuoNRORGhmYCzHwiDmaw%3D%3D&Expires=1676955379
https://bitbucket.org/rpoverka/zhopa/downloads/MainModule.exe
https://bitbucket.org/rpoverka/zhopa/downloads/xmrig.exe
https://bbuseruploads.s3.amazonaws.com/92650141-3771-4ef6-8487-a8ce5ad2e240/downloads/b3a0e12f-e350-4a5c-8239-1cb38b0ef068/xmrig.exe?response-content-disposition=attachment%3B%20filename%3D%22xmrig.exe%22&AWSAccessKeyId=ASIA6KOSE3BNJFRFBCRB&Signature=Igv5ADbIOFzJ%2FL1GdVUwoZJ1ANQ%3D&x-amz-security-token=FwoGZXIvYXdzEC4aDGmgGod9JRtPIJ5J4iK%2BAZ%2BQf48tgsYZfpo4Jv0ino2j8ZYKs9z3%2F4NzmPnRh8UjeASue%2FAqqStw1rcdJ1Q4OZPvB9TxKnagXZ4zUSHd%2BMoCmzQTTS%2FEJ4X7Jet0ittMt%2BwyEeZlQpBVreTLIyHR7YL9OLNMvuZ%2BNo5LL4F%2FYZiU5tAhJG9ymJHifuKiVUG%2F7ws5w%2BEtN6zXSPHZgF0ke%2BCfYANSVAaxz9nGIdD4w2EDsUUiZP%2BdvKALJrgY19BYakB2ZKockBrXLbvh4XoonJDRnwYyLaJSIHYriwNaDqOPi%2FmZw7OZUkogXNtLqHRkzUkMTDnv8aSn%2BZV7kaEstYBcdg%3D%3D&Expires=1676955428
https://bitbucket.org/rpoverka/zhopa/downloads/Task24Watch.exe
https://bbuseruploads.s3.amazonaws.com/92650141-3771-4ef6-8487-a8ce5ad2e240/downloads/09293685-2c5d-4159-86d9-08c57e8e8de5/MainModule.exe?response-content-disposition=attachment%3B%20filename%3D%22MainModule.exe%22&AWSAccessKeyId=ASIA6KOSE3BNHLH2DZ7U&Signature=VFctTT15Oy1pCiaL50jPJ9FZjcw%3D&x-amz-security-token=FwoGZXIvYXdzEC4aDDlI4D0qJzDCLyV4sCK%2BATydA3JWrOh0cMOubezBVsXQR%2FU%2FxdqqCLfVyEmUqPgTWhLBPz5Zr5czddzsszsXHFjm1b9fwf0uSHkEq4y2CN6%2FZUsbdan4z2fd%2BjyC1AMdnaLr8W2WfpqEeTejTc9MrV1ptPEmwh%2BBAfQqD9A181S7BqhEy%2FzCiyvgPI8AQX2OJWvVbkdii83pzDQX6IWqUeaNaDx1vvVHQxH8tKUVPDiuO866bid5YIcvKCQpUgEJQXfHf9aZ%2BIlfNUYYjEko3Y7RnwYyLcKnJ4pxJmRnLWX47kqvK7YZM5DPIMVEnGMVLokXa6L%2BO%2FHbDJlhZEVB96P2tA%3D%3D&Expires=1676955237
https://transfer.sh/get/CxkjoH/96f0043345016b4bce68c3029a06ef3d.exe

bbuseruploads.s3.amazonaws.com(52.217.206.129) - malware
bitbucket.org(104.192.141.1) - malware
transfer.sh(144.76.136.153) - malware
52.217.40.228
52.216.212.249
104.192.141.1 - mailcious
168.119.228.126
144.76.136.153 - mailcious
54.231.132.1

ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI)
ET POLICY Observed DNS Query to File Transfer Service Domain (transfer .sh)
ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in DNS Lookup)

https://cdn.discordapp.com/attachments/799336911722381343/911260072066310184/build.jpg

bing.com(13.107.21.200)
cdn.discordapp.com(162.159.130.233) - malware
204.79.197.200
162.159.135.233 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://ylleleri.xyz/
https://api.ip.sb/geoip

api.ip.sb(172.67.75.172)
ylleleri.xyz(80.78.246.22)
80.78.246.22
104.26.13.31