http://148.163.12.101/WMndFrdk?keyword=Other&cost=0.00100&ad_campaign_id=262704&source=145866 - mailcious
http://148.163.12.101/favicon.ico

148.163.12.101 - suspicious
117.18.232.200 - suspicious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex

http://148.163.12.101/WMndFrdk?keyword=Other&cost=0.00100&ad_campaign_id=262704&source=145866 - mailcious
http://148.163.12.101/favicon.ico

148.163.12.101 - suspicious
117.18.232.200 - suspicious

ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://213.159.203.207/views/skrn6qr44d66b4su7l4mb7fn9g.html - mailcious
http://213.159.203.207/favicon.ico - mailcious
http://213.159.203.207/js/6mp75mrcneiao6mv9bs2hu4dio.js - mailcious
http://213.159.203.207/views/39568v88okflvrm32vjbpjhifk.wav - mailcious
http://213.159.203.207/js/5ufk8dm79f970m12eg3s3ve668.js - mailcious
http://213.159.203.207/pubs/wiki.php?id=c6ace51877562f71afd4cde337219bca - mailcious
http://213.159.203.207/views/cqav0036cnsnbu6kd838mercoc.html - mailcious
http://213.159.203.207/views/6hs75l43nq5ncs5sofsoju488c.wav - mailcious
http://213.159.203.207/static/encrypt.min.js - mailcious
http://213.159.203.207/images/captcha.png?mod=attachment&u=074b10c4a67782261787d41480dbf00f - mailcious
http://213.159.203.207/views/h1lmonj5nh7hp739nba7h35jd4.html - mailcious
http://148.163.12.101/WMndFrdk?keyword=Other&cost=0.00100&ad_campaign_id=262704&source=145866 - mailcious
http://213.159.203.207/index.php?ad_campaign_id=262704&browser=Internet+Explorer&browser_version=9.0&country=KR&id=698&os=Windows&os_version=7 - mailcious
http://213.159.203.207/logo.swf - mailcious
http://213.159.203.207/pubs/servlet.php?fp=2abeac5282f2ae091db572603cbaa02e&lang=ko&token=&id=49602&sign=938bd0beadca9b848022cf434d97cb8d&validate=a34aa5353b547a91cf614c3ecc315917 - mailcious
http://213.159.203.207/views/b2se621smc4mffu2dics90qo04.swf - mailcious
http://213.159.203.207/static/tinyjs.min.js - mailcious
http://213.159.203.207/pubs/article.php?id=4e50e2ab1e3c1563c7977f5d98129804 - mailcious
https://app.getmoney.tech/jrwtRpMp?cost={cost}¤cy=usd&external_id=${SUBID}&creative_id={bannerid}&ad_campaign_id={campaignid}&source={zoneid}

www.lookupdns.club(213.159.203.205)
app.getmoney.tech(148.163.12.101)
www.getmoney.tech(148.163.12.107)
148.163.12.101 - suspicious
148.163.12.107
213.159.203.207 - suspicious
213.159.203.205
117.18.232.200 - suspicious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET EXPLOIT_KIT Underminer EK Resource File Download M1
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
ET POLICY Outdated Flash Version M1
ET EXPLOIT_KIT Underminer EK SWF Request
ET EXPLOIT_KIT Underminer EK Resource File Download M2

http://151.80.220.125/mmc/26848M.exe - malware

151.80.220.125 - suspicious
117.18.232.200 - suspicious

ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

http://151.80.220.125/mmc/26848M.exe - malware

151.80.220.125 - suspicious

ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

http://151.80.220.125/mmc/26848M.exe - malware

151.80.220.125 - suspicious

ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

http://151.80.220.125/mmc/26848M.exe - malware

151.80.220.125 - suspicious
117.18.232.200 - suspicious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

http://151.80.220.125/mmc/26848M.exe - malware

151.80.220.125 - suspicious

ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

http://151.80.220.125/mmc/26848M.exe - malware

151.80.220.125 - suspicious
117.18.232.200 - suspicious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Executable Download from dotted-quad Host
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

http://151.80.220.125/mmc/26848M.exe - malware

151.80.220.125 - suspicious
117.18.232.200 - suspicious

ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response