JDkGqaSrgKXZ.JDkGqaSrgKXZ()
121.254.136.18

https://db-ip.com/demo/home.php?s=175.208.134.152

ipinfo.io(34.117.186.192)
db-ip.com(172.67.75.166)
65.109.90.47
172.67.75.166
34.117.186.192

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
ET MALWARE [ANY.RUN] RisePro TCP (Token)
ET MALWARE Suspected RisePro TCP Heartbeat Packet
ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration)
ET MALWARE [ANY.RUN] RisePro TCP (Activity)

http://192.3.176.151/450/conhost.exe

192.3.176.151 - malware

ET INFO Executable Download from dotted-quad Host
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

https://textbin.net/raw/ezjmofz3s6
https://pasteio.com/download/xAQPk2LZvQUH

textbin.net(148.72.177.212) - mailcious
148.72.177.212 - mailcious

ET INFO Pastebin-style Service (textbin .net in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://198.12.89.27/1231/conhost.exe

198.12.89.27 - malware

ET INFO Executable Download from dotted-quad Host

http://apps.identrust.com/roots/dstrootcax3.p7c
https://i.alie3ksgaa.com/sta/imagd.jpg

i.alie3ksgaa.com(154.92.15.189) - mailcious
154.92.15.189 - mailcious
121.254.136.18

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)