diff --git a/rules/linux/network_connection/net_connection_github_myjino_ru.yml b/rules/linux/network_connection/net_connection_github_myjino_ru.yml
new file mode 100644
index 000000000..32669786f
--- /dev/null
+++ b/rules/linux/network_connection/net_connection_github_myjino_ru.yml
@@ -0,0 +1,18 @@
+title: Github Repo Compromise Domain MyJino RU
+id: 242e0911-294a-44ea-a54e-7eea97aa2622
+status: test
+description: Detects connections to the host used in a big repository compromise discovered in August 2022
+references:
+ - https://twitter.com/stephenlacy/status/1554697077430505473
+date: 2022/08/03
+author: Florian Roth
+logsource:
+ product: linux
+ category: network_connection
+detection:
+ selection:
+ DestinationHostname: 'ovz1.j19544519.pr46m.vps.myjino.ru'
+ condition: selection
+falsepositives:
+ - Users looking up that domain after reading the report (unlikely)
+level: high
diff --git a/rules/network/dns/net_dns_github_myjino_ru.yml b/rules/network/dns/net_dns_github_myjino_ru.yml
new file mode 100644
index 000000000..3c7d2d26f
--- /dev/null
+++ b/rules/network/dns/net_dns_github_myjino_ru.yml
@@ -0,0 +1,18 @@
+title: DNS Lookup Github Repo Compromise Domain MyJino RU
+id: 6b0dd2e4-13ff-4eff-b79b-4444fad43644
+status: test
+description: Detects connections to the host used in a big repository compromise discovered in August 2022
+references:
+ - https://twitter.com/stephenlacy/status/1554697077430505473
+date: 2022/08/03
+author: Florian Roth
+logsource:
+ category: dns
+detection:
+ selection:
+ query: 'ovz1.j19544519.pr46m.vps.myjino.ru'
+ condition: selection
+falsepositives:
+ - Users looking up that domain after reading the report (unlikely)
+ - Web proxy or other security device DNS lookups of the domain
+level: high
diff --git a/rules/windows/network_connection/net_connection_win_github_myjino_ru.yml b/rules/windows/network_connection/net_connection_win_github_myjino_ru.yml
new file mode 100644
index 000000000..ece890aaf
--- /dev/null
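Review bot: None of the three new rules carries a `tags` field, so the detection cannot be mapped to an ATT&CK tactic or grouped with related rules; this applies equally to the DNS rule in the next hunk and the Windows rule in the following one. Based on the title and description the host is the endpoint contacted by the compromised repositories, so a tactic tag such as `tags:` / `    - attack.command_and_control` seems appropriate, but confirm against the referenced report before picking the tactic. The single `falsepositives` entry also reads as if it were written for the DNS rule: a user "looking up" the domain produces a DNS event, not a `network_connection` event, so `- Users browsing to that host after reading the report (unlikely)` describes this rule's actual false-positive path more precisely.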
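Review bot: The `description` of the DNS rule was copied from the connection rules and states "Detects connections to the host", but the selection matches `query:` under `category: dns`, i.e. a name resolution and not a connection; an analyst reading the alert text would expect network-connection evidence that this rule cannot provide. Change it to `description: Detects DNS queries for the host used in a big repository compromise discovered in August 2022`. The title already says "DNS Lookup", so this also brings title and description into agreement.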
+++ b/rules/windows/network_connection/net_connection_win_github_myjino_ru.yml
@@ -0,0 +1,19 @@
+title: Github Repo Compromise Domain MyJino RU
+id: 3a9f4c77-8e2e-45eb-abc1-4754f670d3a9
+status: test
+description: Detects connections to the host used in a big repository compromise discovered in August 2022
+references:
+ - https://twitter.com/stephenlacy/status/1554697077430505473
+date: 2022/08/03
+author: Florian Roth
+logsource:
+ category: network_connection
+ product: windows
+detection:
+ selection:
+ Initiated: 'true'
+ DestinationHostname: 'ovz1.j19544519.pr46m.vps.myjino.ru'
+ condition: selection
+falsepositives:
+ - Users looking up that domain after reading the report (unlikely)
+level: high
diff --git a/rules/windows/network_connection/net_connection_win_susp_dropbox_api.yml b/rules/windows/network_connection/net_connection_win_susp_dropbox_api.yml
index 4442ccbe7..a683212c0 100644
--- a/rules/windows/network_connection/net_connection_win_susp_dropbox_api.yml
+++ b/rules/windows/network_connection/net_connection_win_susp_dropbox_api.yml
@@ -4,8 +4,8 @@ status: experimental
 description: Detects an executable that isn't dropbox but communicates with the Dropbox API
 author: Florian Roth
 references:
- - https://app.any.run/tasks/7e906adc-9d11-447f-8641-5f40375ecebb
- - https://www.zscaler.com/blogs/security-research/new-espionage-attack-molerats-apt-targeting-users-middle-east
+ - https://app.any.run/tasks/7e906adc-9d11-447f-8641-5f40375ecebb
+ - https://www.zscaler.com/blogs/security-research/new-espionage-attack-molerats-apt-targeting-users-middle-east
 date: 2022/04/20
 logsource:
 category: network_connection
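Review bot: The Windows rule reuses the exact `title` of the Linux rule in the first hunk (`Github Repo Compromise Domain MyJino RU`), so alerts from the two rules are indistinguishable by name in any backend that keys on the title; a platform-qualified title such as `title: Github Repo Compromise Domain MyJino RU - Windows` (and the matching `- Linux` suffix on the sibling) avoids that. The selection here additionally requires `Initiated: 'true'` while the Linux rule matches on `DestinationHostname` alone; if the Linux event source exposes the same field, applying the same restriction there would keep the two rules' scope consistent, otherwise a short comment in the Linux rule explaining why the direction is not constrained would help the next maintainer.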