216.166.148.187 - mailcious
65.152.201.203 - mailcious
60.51.47.65 - mailcious
185.56.175.122 - mailcious
62.99.79.77 - mailcious

https://7tgopa.am.files.1drv.com/y4mgxpWp6MuASym9689Gu9OG8JBEZdImPuWF8Jt3g9nSjLfECHCRL9ygUaWQdsoG1GX0-oc9EDP1KXA0U4UdMMnZ8kM8ogtP2jsnNr1wzR6tdejAJLZCL5AiCF5ZZL_P57JUsM_YPvJWRlHFbJb3lM5Ylmk9lcGLwSt3VvC6t138iQKIUjqgUVF1kjo191ujlXuc_A7R_tpWhoCYDTb1KQ5tw/LIGHT.bin?download&psid=1

darkeye.hopto.org(160.152.6.54) - mailcious
7tgopa.am.files.1drv.com(13.107.42.12)
onedrive.live.com(13.107.42.13) - mailcious
13.107.42.13 - mailcious
13.107.42.12 - malware
160.152.6.54 - mailcious

ET POLICY DNS Query to DynDNS Domain *.hopto .org
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

musicnote.soundcast.me(37.48.74.101) - malware
37.48.74.101

ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

jamaru1444.myftp.biz(103.133.111.149)
103.133.111.149 - malware

ET INFO DYNAMIC_DNS Query to a Suspicious *.myftp.biz Domain
ET INFO Observed DNS Query to .biz TLD

103.133.111.149 - malware

musicnote.soundcast.me(37.48.74.101) - malware
37.48.74.101 - malware

ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

musicnote.soundcast.me(37.48.74.101) - malware
37.48.74.101 - malware

ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)