ET MALWARE Observed APT36 Domain (esevasecurefile .store in TLS SNI)
Sourceet/open
CreatedApril 24, 2026
UpdatedApril 24, 2026
Classificationtrojan-activity
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Observed APT36 Domain (esevasecurefile .store in TLS SNI)"; flow:established,to_server; tls.sni; dotprefix; content:".esevasecurefile.store"; endswith; fast_pattern; reference:url,x.com/goldenjackel12/status/2047562480315142260; classtype:trojan-activity; sid:2068967; rev:1; metadata:attack_target Client_Endpoint, created_at 2026_04_24, deployment Perimeter, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, tag APT36, updated_at 2026_04_24;)
References
Metadata
attack targetClient_Endpoint
created at2026_04_24
deploymentPerimeter
confidenceHigh
signature severityMajor
tagAPT36
updated at2026_04_24
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!