Versions (2)
Version DetailsCurrent
Rev: 1 • Apr 24, 2026, 12:00 PMET MALWARE Observed DNS Query to APT36 Domain (esevasecurefile .store)
alert dns $HOME_NET any -> any any (msg:"ET MALWARE Observed DNS Query to APT36 Domain (esevasecurefile .store)"; dns.query; dotprefix; content:".esevasecurefile.store"; nocase; endswith; reference:url,x.com/goldenjackel12/status/2047562480315142260; classtype:trojan-activity; sid:2068965; rev:1; metadata:attack_target Client_Endpoint, created_at 2026_04_24, deployment Perimeter, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, tag APT36, updated_at 2026_04_24;)
Apr 24, 2026, 12:00 PM
Apr 24, 2026, 12:00 PM
Apr 24, 2026, 8:35 PM
Apr 27, 2026, 10:34 PM
rules/emerging-malware.rules