ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET HUNTING Telegram API Domain in DNS Lookup
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
SURICATA Applayer Detect protocol only one direction
ET INFO TLS Handshake Failure
ET MALWARE Generic AsyncRAT Style SSL Cert