185.215.113.77 - malware

ET DROP Spamhaus DROP Listed Traffic Inbound group 24

http://34.88.140.135//l/f/L1VU1nkBuI_ccNKoeTXp/cc8a94f61ad1ac31ed9d2c0f0fef1ca23f6e10e5
http://veronika.ac.ug/index.php
http://veronikaa.ac.ug/softokn3.dll
http://veronikaa.ac.ug/sqlite3.dll
http://veronikaa.ac.ug/freebl3.dll
http://34.88.140.135/
http://185.215.113.77/axcxcvhgfc.exe
http://185.215.113.77/ac.exe
http://185.215.113.77/oxcxcvhgfc.exe
http://185.215.113.77/rc.exe
http://185.215.113.77/ds1.exe
http://185.215.113.77/ds2.exe
http://185.215.113.77/cc.exe
http://34.88.140.135//l/f/L1VU1nkBuI_ccNKoeTXp/60386bf3c5b2b54595947b12ff770ab9abe3aa9a
https://tttttt.me/brikitiki
https://cdn.discordapp.com/attachments/720918485122940978/850158871501602823/Cdfyxciknlozqdclvjieazyvhyfqdvt
https://cdn.discordapp.com/attachments/720918485122940978/850158270907678730/Xypgtvglqrlgdvgezyimsisukuqhicz

brudfascaqezd.ac.ug() - mailcious
tttttt.me(95.216.186.40) - mailcious
cdn.discordapp.com(162.159.129.233) - malware
nothinglike.ac.ug(79.134.225.25) - mailcious
veronikaa.ac.ug(185.215.113.77) - mailcious
veronika.ac.ug(185.215.113.77) - malware
34.88.140.135
95.216.186.40 - mailcious
162.159.130.233 - malware
79.134.225.25
185.215.113.77 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DROP Spamhaus DROP Listed Traffic Inbound group 24
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

http://playboby.com:1111/4etO

playboby.com(183.111.122.107)
183.111.122.107

http://114.47.80.66:60/img/1_01.jpg
http://114.47.80.66:60/css/bootstrap.min.css
http://114.47.80.66:60/js/bootstrap.min.js
http://lib.sinaapp.com/js/jquery/1.8.3/jquery.min.js
http://114.47.80.66:60/
http://114.47.80.66:60/img/1_02.jpg
http://114.47.80.66:60/favicon.ico
http://114.47.80.66:60/css/style.css

lib.sinaapp.com(183.60.187.57)
183.60.187.58 - malware
114.47.80.66

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

http://23.95.122.53/pawpaw/u.wbk
http://bit.do/fQXx8
http://papaya.gotdns.ch/pawpaw/uwa.exe
http://bit.do/

bit.do(54.83.52.76) - mailcious
papaya.gotdns.ch(23.95.122.53) - mailcious
23.95.122.53 - mailcious
54.83.52.76 - suspicious

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Possible RTF File With Obfuscated Version Header