209.159.151.5

ET MALWARE Possible NanoCore C2 60B

http://193.57.40.74:8110/ptj
http://193.57.40.74:8110/Kn5n

193.57.40.74 - suspicious

ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server)

http://crt.comodoca.com/COMODORSAAddTrustCA.crt
https://pastebin.com/raw/W63zsRav - rule_id: 101
https://api.ipify.org/

api.ipify.org(54.243.161.145)
crt.comodoca.com(91.199.212.52)
pastebin.com(104.23.98.190) - mailcious
91.199.212.52
104.23.98.190 - suspicious
54.235.142.93

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://pastebin.com/raw/W63zsRav

http://115373.com/

makemoneywithus.work(188.225.75.54) - mailcious
clkfeed.com(173.192.101.21) - mailcious
infopicked.com(173.192.101.24) - mailcious
p277439.infopicked.com(173.192.101.24) - mailcious
115373.com(47.245.55.138)
47.245.57.170
173.192.101.21 - suspicious
95.216.179.33
173.192.101.24 - suspicious
188.225.75.54 - suspicious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Observed DNS Query to .work TLD
ET INFO HTTP Request to Suspicious *.work Domain
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex

https://pastebin.com/raw/W63zsRav - rule_id: 101

pastebin.com(104.23.99.190) - mailcious
104.23.98.190 - suspicious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://pastebin.com/raw/W63zsRav