Versions (2)
Version DetailsCurrent
Rev: 1 • Apr 24, 2026, 12:00 PMET MALWARE Observed APT36 Domain (monitorondomainwintgt .store in TLS SNI)
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Observed APT36 Domain (monitorondomainwintgt .store in TLS SNI)"; flow:established,to_server; tls.sni; dotprefix; content:".monitorondomainwintgt.store"; endswith; fast_pattern; reference:url,x.com/goldenjackel12/status/2047562480315142260; classtype:trojan-activity; sid:2068968; rev:1; metadata:attack_target Client_Endpoint, created_at 2026_04_24, deployment Perimeter, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, tag APT36, updated_at 2026_04_24;)
Apr 24, 2026, 12:00 PM
Apr 24, 2026, 12:00 PM
Apr 24, 2026, 8:35 PM
Apr 27, 2026, 10:34 PM
rules/emerging-malware.rules