rule Discord_URL_Encodings {
	meta:
		description = "Detects various encoded forms of Discord URLs, indicative of potential malicious activity."
		author = "Andy Giron Datadog"
		reference = "12/01/23"
		date = "12/01/23"
	strings:
		$discord_url = "https://discord.com/" ascii wide
		$string_base64 = "aHR0cHM6Ly9kaXNjb3JkLmNvbS8=" ascii wide
		$string_hex = "68747470733a2f2f646973636f72642e636f6d2f" ascii wide
		$reversed_str = "moc.drocsid//:sptth" ascii wide
	condition:
		1 of them
}