http://12.163.208.58/mt6qoeiz/
http://magnusdc.com/MR/

12.163.208.58
138.201.86.169

ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP

http://49.243.9.118/qzjUCn2v3qw/FuF1KKEgq9lp7l/M8YTljf14/TuxVukut4f16XD/9Pu1pXenc7h/jvZz/

49.243.9.118

http://domainsecuritycheckingforcloudfilesharei.duckdns.org/wd/vbc.exe

198.23.221.196

ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2

http://12.163.208.58/HFKUNB4U8L3cb/J1JTLJE3Rp0hdQapp7X/RrfMD0mquQk3/05Nk6kB8kheLUjoe/
http://magnusdc.com/MR/

12.163.208.58
138.201.86.169

ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP

http://77.74.78.80:443/3nLb5H6n5Ux499/ZBefQKL1DrCCN/iInlctpe/pYB4v5fF7I2PE/AInJbCSZMGU5yeP90Rj/
http://105.209.235.113:8080/gfLfAHHMKfby5N/

105.209.235.113
118.110.236.121
149.202.5.139
153.92.4.96
51.75.163.68
77.74.78.80

ET CNC Feodo Tracker Reported CnC Server group 2
ET CNC Feodo Tracker Reported CnC Server group 1
ET CNC Feodo Tracker Reported CnC Server group 4
ET CNC Feodo Tracker Reported CnC Server group 19
ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
ET CNC Feodo Tracker Reported CnC Server group 22
ET POLICY HTTP traffic on port 443 (POST)

http://12.163.208.58/imRF5QG/Z2ACeRo8sr/BJYuMps/OlsZZfJ/

12.163.208.58