alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET PHISHING UNK_DeadDrop Domain in TLS SNI (nxlog .tech)"; flow:established,to_server; tls.sni; dotprefix; content:".nxlog.tech"; endswith; fast_pattern; classtype:social-engineering; sid:2069563; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, tls_state TLSEncrypt, created_at 2026_06_01, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, tag Phishing, tag Description_Generated_By_Proofpoint_Nexus, tag UNK_DeadDrop, updated_at 2026_06_01, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1566, mitre_technique_name Phishing;)