diff --git a/rules/proxy/proxy_ua_apt.yml b/rules/proxy/proxy_ua_apt.yml
index 8418b05c9..0c51fd035 100644
--- a/rules/proxy/proxy_ua_apt.yml
+++ b/rules/proxy/proxy_ua_apt.yml
@@ -49,6 +49,7 @@ detection:
         - 'Mozilla/5.0 (Windows NT 6.1; WOW64) Chrome/28.0.1500.95 Safari/537.36'  # Hidden Cobra malware
         - 'Mozilla/5.0 (Windows NT 6.2; Win32; rv:47.0)'  # Strong Pity loader https://twitter.com/VK_Intel/status/1264185981118406657
         - 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1;'  # Mustang Panda https://insights.oem.avira.com/new-wave-of-plugx-targets-hong-kong/
+        - 'Mozilla/5.0 (X11; Linux i686; rv:22.0) Firefox/22.0'  # BackdoorDiplomacy https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/
     condition: selection
 fields:
     - ClientIP