http://voucher-01-static.com/rkei/1085.txt - rule_id: 41118

voucher-01-static.com(91.92.243.32) - malware
91.92.243.32 - malware

ET DROP Spamhaus DROP Listed Traffic Inbound group 13
ET POLICY Possible HTA Application Download
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download

http://voucher-01-static.com/rkei/1085.txt

http://192.3.243.156/okayneweragifcometo.gif - rule_id: 41106
http://192.3.243.156/okayneweragifcometo.gif
http://41.216.183.13/Users_API/BrainiacMAX/file_forlcsf2.awx.txt

192.3.243.156 - mailcious
41.216.183.13 - mailcious

ET DROP Spamhaus DROP Listed Traffic Inbound group 3

http://192.3.243.156/okayneweragifcometo.gif

https://bitbucket.org/tanosx/clockbrix/downloads/Chrome_Password_Remover.exe
https://bbuseruploads.s3.amazonaws.com/443a209f-571f-419b-a313-2df7ae8bbefa/downloads/1a6d8155-b1f3-4621-9f17-89da4921df60/Chrome_Password_Remover.exe?response-content-disposition=attachment%3B%20filename%3D%22Chrome_Password_Remover.exe%22&AWSAccessKeyId=ASIA6KOSE3BND3U57RJW&Signature=luV%2FmWytJ4A8wh9TkqLQ1cRDVJ8%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEEgaCXVzLWVhc3QtMSJGMEQCIF0d%2F3b7L6xm4zKhRgvVPMVVzKwwpzi37CH%2BZK%2BIn0ZyAiBuyp8167XQoYPCv8%2FzuwivvWtFFMtk0%2FZgHtj3s4dd6yqnAggREAAaDDk4NDUyNTEwMTE0NiIMbeju1BPQLnRrYAjWKoQCjmSU9lQ%2F5yuuhuKx69xZT%2B%2FtlgjDBjDte46VYpmATd%2FsC5Zrcf%2Bm9f8r1H2oJb67RIKRFSFe7KeW88oU0Xa4YVu91FiLLREur8XVD79Biodab9hv%2FtWVZnaNWO2INMlv85%2FQJ46pMfZPc0rHJ2W4GnyVl%2BJbU6TVzyNY6PwF4F%2B7AcjZLoAn8YIq8IOxB8mYjZQUlQlvsoBzTeUgZzndc975%2B6vBLYVZkbVeJeQ952IK3JQIUOMlnrH%2BnQkkCZRCd8427Vq3HgSLewDmhRJNIzzbZMnyvNhw%2FUWfGxI7wphRhHqMBJRBkCDowsJDU86KfBt84kZAB%2FCW8OhYpl7%2BsyXf3rkwv7eutAY6ngELbJg3CTD%2Fk7eP6EnZldU0FrVs5%2Bvbi%2FfxapLmwJHR5gknJqQv7XoMPAV3lP%2BxX%2FjDeLci2YjgZFwhjP2AQRCJfIek5nzIh7IgIrvoRpB5TJ9eJmXRqfNfeB1Tazn%2FKTs1HF2FkZwLz44n8PswjipeM5CJC0ThqFfUv3SpkQ8SoiyeY7JGugAh%2F6NLQXFeWgq4b4yWTvnr35urTNDbJA%3D%3D&Expires=1720427207

bbuseruploads.s3.amazonaws.com(52.217.138.65) - malware
bitbucket.org(104.192.141.1) - malware
3.5.29.53
185.215.113.67 - mailcious
104.192.141.1 - mailcious

ET DROP Spamhaus DROP Listed Traffic Inbound group 33
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://voucher-01-static.com/kvro/1284.txt

voucher-01-static.com(91.92.243.32) - malware
91.92.243.32 - malware

ET DROP Spamhaus DROP Listed Traffic Inbound group 13

43.143.246.38 - malware