SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://srtk.hometax.go.kr/download/jquery-1.11.1.min.js
https://srtk.hometax.go.kr/download/img/security_pop_bt_close.png
https://srtk.hometax.go.kr/download/cri.css?v=1
https://srtk.hometax.go.kr/download/components/enc-cp949-min.js
https://srtk.hometax.go.kr/download/cri_ems_nt.js?v=1
https://srtk.hometax.go.kr/download/rollups/seed.js
https://srtk.hometax.go.kr/download/rollups/md5.js
https://srtk.hometax.go.kr/download/rollups/aes.js
https://srtk.hometax.go.kr/download/img/security_pop_ic_lock.png

srtk.hometax.go.kr(116.67.103.155)
116.67.103.155

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

138.201.120.172 - mailcious

ET MALWARE Arechclient2 Backdoor CnC Init

api.ipify.org(104.237.62.212)
64.185.227.156

ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO TLS Handshake Failure
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

http://apps.identrust.com/roots/dstrootcax3.p7c
https://paste.ee/d/Oe5nV
https://uploaddeimagens.com.br/images/004/666/683/original/js.jpg?1700183864
http://91.92.246.47/3fgwx.txt

paste.ee(104.21.84.67) - mailcious
uploaddeimagens.com.br(104.21.45.138) - malware
121.254.136.9
104.21.84.67 - malware
172.67.215.45 - malware

ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)