Can you see if these events can fit into the Malware data model?
LogName=Application
SourceName=Trend Micro OfficeScan Server
EventCode=800
EventType=3
Type=Warning
ComputerName=XXXXXXX.XXXXXX.com
User=NOT_TRANSLATED
Sid=S-1-5-18
SidType=0
TaskCategory=System
OpCode=None
RecordNumber=432219
Keywords=Classic
Message=C&C callback detected
Compromised Host: XXXXXX-XX93
IP Address: XX.XXX.19.XX
Domain: XXX prod-dba\
Date/Time: 1/2/2020 10:22:27
Callback address: xx.xxx.xx.43
C&C risk level: Dangerous
C&C list source: Relevance Rule
Action: Logged
I'd start with the Malware Datamodel:
https://docs.splunk.com/Documentation/CIM/4.14.0/User/Malware
Yes, that event should be in the Malware datamodel.
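
One way to map the event posted above into the CIM Malware data model (Malware_Attacks dataset), as an added example that is not part of the original thread or any vendor add-on. Assumptions: the `source::WinEventLog:Application` stanza, the event type name, the vendor-specific field names (`callback_address`, `cnc_risk_level`, `cnc_list_source`, `vendor_action`, `dest_ip`), and the choice to normalise `Action: Logged` to `action=allowed`.

```ini
# ---------- props.conf (search-time field extraction) ----------
# Assumption: the events carry source=WinEventLog:Application.
[source::WinEventLog:Application]
# Pull the labelled lines out of the multi-line Message body.
EXTRACT-osce_cnc_signature = Message=(?<signature>[^\r\n]+)
EXTRACT-osce_cnc_dest      = Compromised Host:\s+(?<dest>\S+)
EXTRACT-osce_cnc_dest_ip   = IP Address:\s+(?<dest_ip>\S+)
EXTRACT-osce_cnc_callback  = Callback address:\s+(?<callback_address>\S+)
EXTRACT-osce_cnc_risk      = C&C risk level:\s+(?<cnc_risk_level>[^\r\n]+)
EXTRACT-osce_cnc_source    = C&C list source:\s+(?<cnc_list_source>[^\r\n]+)
EXTRACT-osce_cnc_action    = Action:\s+(?<vendor_action>[^\r\n]+)

# Normalise to CIM values only when this is a callback event, so other
# Application-log events keep whatever values they already have.
# Assumption: "Logged" means the callback was not stopped, hence "allowed".
EVAL-action         = if(vendor_action=="Logged", "allowed", action)
EVAL-vendor_product = if(isnotnull(callback_address), "Trend Micro OfficeScan", vendor_product)

# ---------- eventtypes.conf ----------
# Hypothetical event type name; the search matches on raw text so it does
# not depend on any other add-on's extractions.
[trendmicro_officescan_cnc_callback]
search = source="WinEventLog:Application" "SourceName=Trend Micro OfficeScan Server" EventCode=800 "C&C callback detected"

# ---------- tags.conf ----------
# Malware_Attacks selects events tagged both malware and attack.
[eventtype=trendmicro_officescan_cnc_callback]
malware = enabled
attack = enabled
```

To check the mapping, search `tag=malware tag=attack` and confirm that `dest`, `signature`, `action` and `vendor_product` are populated for the EventCode 800 events.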