ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
ET MALWARE Generic AsyncRAT Style SSL Cert
ET INFO Observed Discord Domain (discordapp .com in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO EXE CheckRemoteDebuggerPresent (Used in Malware Anti-Debugging)