http://104.168.7.25/350/taskhostw.exe

107.173.4.16 -
104.168.7.25 - mailcious

ET INFO Executable Download from dotted-quad Host
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

https://auntberry.xyz/pe/start/index.php?a=2910&p=4134&t=50784292

auntberry.xyz(104.21.67.155)
172.67.177.240 -

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://steamcommunity.com/profiles/76561199786602107 - rule_id: 42978
https://steamcommunity.com/profiles/76561199786602107
https://t.me/lpnjoke

t.me(149.154.167.99) - mailcious
steamcommunity.com(104.75.41.21) - mailcious
149.154.167.99 -
104.76.74.15 -
116.203.12.50 -

ET INFO TLS Handshake Failure
ET INFO Observed Telegram Domain (t .me in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://steamcommunity.com/profiles/76561199786602107

http://103.106.0.20:57540/qVGO
http://103.106.0.20:57540/ga.js

103.106.0.20 - malware

ET MALWARE Cobalt Strike Beacon Observed
ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1

http://130.61.181.50/ransomware/persistance.exe

130.61.181.50 - malware

ET INFO Executable Download from dotted-quad Host
ET HUNTING curl User-Agent to Dotted Quad
ET INFO Packed Executable Download
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

idabo.duckdns.org()
135.148.195.248

ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

http://coach.028csc.com:81/update.exe
http://coach.028csc.com:81/libcurl.dll
http://coach.028csc.com:81/CrazyCoach.exe
http://coach.028csc.com:81/CrazyCoach.exe.txt

s.z163.xyz(45.32.92.201)
coach.028csc.com(47.240.68.28)
47.240.68.28
45.32.92.201

ET POLICY Unsupported/Fake Windows NT Version 5.0
ET POLICY PE EXE or DLL Windows file download HTTP
ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System
ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5.