107.155.162.25 - malware

ET INFO Executable Download from dotted-quad Host

begadi.ga(93.189.42.91) - mailcious
93.189.42.91

ET INFO DNS Query for Suspicious .ga Domain
ET MALWARE Trojan Generic - POST To gate.php with no referer
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET INFO HTTP POST Request to Suspicious *.ga Domain
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Fake 404 Response

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex

https://myexternalip.com/raw

myexternalip.com(216.239.32.21)
94.130.171.63
31.185.104.19
147.135.6.69
176.9.40.131
216.239.36.21 - suspicious
108.53.208.157
37.120.174.249 - mailcious

ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 577
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 222
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 287
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 166
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

88canada.com(162.214.117.7) - mailcious
162.214.117.7 - mailcious

ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex

www.housecleaningacblondon.com(160.153.16.14)
farmlyfairng.com(65.60.5.219) - mailcious
65.60.5.219 - mailcious
160.153.16.14 - malware

SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP