Detects an executable, which is not an internet browser, making DNS request to legit popular websites, which were seen to be used as dead drop resolvers in previous attacks.

Detects downloads from PwnDrp web servers developed for red team testing and most likely also used for criminal activity

Detects direct access to raw pastes in different paste services often used by malware in their second stages to download malicious code in encrypted or encoded form