77.105.164.24 - mailcious

ET MALWARE [ANY.RUN] RisePro TCP (Token)
ET MALWARE RisePro TCP Heartbeat Packet
ET MALWARE [ANY.RUN] RisePro TCP (Activity)

http://147.45.68.138/ - rule_id: 42298
http://147.45.68.138/sql.dll

147.45.68.138 - mailcious

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST
ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1
ET INFO Dotted Quad Host DLL Request
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download

http://147.45.68.138/

147.45.47.36 - malware

ET DROP Spamhaus DROP Listed Traffic Inbound group 23
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)

http://45.152.113.10/
http://45.152.113.10/92335b4816f77e90.php

45.152.113.10

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

https://steamcommunity.com/profiles/76561199768374681 - rule_id: 42498
https://t.me/edm0d

t.me(149.154.167.99) - mailcious
steamcommunity.com(104.74.170.104) - mailcious
149.154.167.99 - mailcious
116.203.6.46 - mailcious
104.74.170.104 - mailcious

ET INFO Observed Telegram Domain (t .me in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

https://steamcommunity.com/profiles/76561199768374681

80.76.176.23 - malware

https://pkinfo.live/config.php

pkinfo.live(103.231.75.189) - mailcious
103.231.75.189 - mailcious