ET INFO DYNAMIC_DNS Query to a *.run .place Domain
ET HUNTING Telegram API Domain in DNS Lookup
ET INFO TLS Handshake Failure
ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
ET MALWARE Generic AsyncRAT Style SSL Cert