Product
This rule detects DNS queries to known Large Language Model (LLM) domains originating from unsigned binaries or common Windows scripting utilities, indicating potential malware command and control activity.