1116.hopto.org(185.140.53.9) - mailcious
185.140.53.9 - mailcious

ET MALWARE Possible NanoCore C2 60B
ET POLICY DNS Query to DynDNS Domain *.hopto .org

1116.hopto.org(185.140.53.9) - mailcious
185.140.53.9 - mailcious

ET POLICY DNS Query to DynDNS Domain *.hopto .org
ET MALWARE Possible NanoCore C2 60B

http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php - rule_id: 5674

74f26d34ffff049368a6cff8812f86ee.gq(104.21.62.32) - mailcious
104.21.62.32 - mailcious

ET INFO DNS Query for Suspicious .gq Domain
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET INFO HTTP POST Request to Suspicious *.gq domain
ET INFO HTTP Request to a *.gq domain
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Fake 404 Response

http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php

pool.hashvault.pro(131.153.76.130) - mailcious
131.153.76.130 - mailcious

ET POLICY Cryptocurrency Miner Checkin

cx55566.tmweb.ru(92.53.96.4) - malware
pool.supportxmr.com(37.187.95.110) - mailcious
92.53.96.4 - malware
91.121.140.167 - mailcious

ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET POLICY Cryptocurrency Miner Checkin

91.121.140.167 - mailcious

131.153.76.130 - mailcious

https://github.com/UnamSanctam/SilentETHMiner/raw/master/SilentETHMiner/Resources/ethminer.zip - rule_id: 2610

github.com(15.164.81.167) - mailcious
raw.githubusercontent.com(185.199.108.133) - malware
sanctam.net() - mailcious
52.78.231.108 - malware
185.199.109.133 - mailcious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://github.com/UnamSanctam/SilentETHMiner/raw/master/SilentETHMiner/Resources/ethminer.zip

pool.supportxmr.com(37.187.95.110) - mailcious
37.187.95.110

ET POLICY Cryptocurrency Miner Checkin