Tag
This rule detects command and control activity associated with the FIN7 threat group, which is known to use domain generation algorithms (DGA) to maintain persistence in their target's network by identifying network traffic using TLS or HTTP protocols to domains with a specific pattern.