newmeforever.3utilities.com(79.134.225.19) - mailcious
79.134.225.19 - mailcious

ET POLICY DNS Query to DynDNS Domain *.3utilities .com

https://cdn.discordapp.com/attachments/886962207051640872/892144092044222504/E904A573.jpg

cdn.discordapp.com(162.159.129.233) - malware
162.159.134.233 - malware

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

79.134.225.19 - mailcious

http://securebiz.org/fhsgtsspen6/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true

mas.to(88.99.75.82)
znpst.top(14.51.96.70) - malware
api.2ip.ua(77.123.139.190)
securebiz.org(222.236.49.124) - malware
179.52.22.168
77.123.139.190
88.99.75.82
211.119.84.112

ET INFO TLS Handshake Failure
ET POLICY External IP Address Lookup DNS Query (2ip .ua)
ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DNS Query to a *.top domain - Likely Hostile
ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)
ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
ET INFO HTTP Request to a *.top domain
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING Possible EXE Download From Suspicious TLD
ET DNS Query for .to TLD

152.67.253.163

mas.to(88.99.75.82)
88.99.75.82

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DNS Query for .to TLD
ET INFO TLS Handshake Failure

152.67.253.163

http://www.spdrum.com/hht8/?s0=akqkC1qa6osu+VkyIEAfeKsivhg8s+4l2pIhgwz5IUSXm2iFyKCcV1HI067tCuSIbGLBV4bv&CZ=7nH8XRk

www.yaotiaoshiguang.top()
www.spdrum.com(34.102.136.180)
34.102.136.180 - mailcious

ET DNS Query to a *.top domain - Likely Hostile
ET MALWARE FormBook CnC Checkin (GET)

http://www.210wscottstj.info/gst0/?qR-Lurxp=V3Nsub7gmgGcOwV1QiIoiFMv6QW9B7NYrLcA52cO0TiWfOKB3Ad4fSFblZAfHfNk+l3dFhw3&TVjH9b=yjRhbdjx7T6
http://www.online-jahrescoaching.com/gst0/?qR-Lurxp=HOnpgsoWu1tI0vRU7bPBS/F4WSR7tzt3WnryFXWIF038xb9/ErYOiTChbxhvsAX18t0q5uAN&TVjH9b=yjRhbdjx7T6
http://www.tenerus.info/gst0/?qR-Lurxp=bc2H+CXb4LINBWU3lVJoOqaXvmmpTEGD7FcjeqVKIkzzFbbJSoSmq3taLbMHRMCHnKbjxC/N&TVjH9b=yjRhbdjx7T6

www.online-jahrescoaching.com(81.169.145.152)
www.tenerus.info(193.246.38.196)
www.210wscottstj.info(34.98.99.30)
34.98.99.30 - phishing
193.246.38.196 - mailcious
81.169.145.152 - malware

ET MALWARE FormBook CnC Checkin (GET)

https://vintagebri.com/.1.txt

vintagebri.com(107.180.75.214)
107.180.75.214

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)