diff --git a/rules/proxy/proxy_implant_teardown.yml b/rules/proxy/proxy_implant_teardown.yml
new file mode 100644
index 000000000..dd7d36307
--- /dev/null
+++ b/rules/proxy/proxy_implant_teardown.yml
@@ -0,0 +1,20 @@
+title: Teardown Implant URL Pattern
+status: experimental
+description: Detects URL pattern used by Teardown Implant
+references:
+    - https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html
+author: Florian Roth
+date: 2019/08/30
+logsource:
+    category: proxy
+detection:
+    selection:
+        c-uri-query: '*/list/suc?name=*'
+    condition: selection
+fields:
+    - ClientIP
+    - URL
+    - UserAgent
+falsepositives:
+    - Unknown
+level: critical
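Review bot: The selection keys on `c-uri-query`, which in the Sigma proxy taxonomy carries only the query string after the `?`, so a value that starts with the path segment `/list/suc` is unlikely ever to match against that field; the full request URI field is the right target, `c-uri: '*/list/suc?name=*'`. Note also that `?` is a single-character wildcard in Sigma string values, so as written the pattern accepts any one character between `suc` and `name=`; if the literal question mark is meant, escape it as `\?`. The `fields` list (`ClientIP`, `URL`, `UserAgent`) appears to use display names rather than the taxonomy names `c-ip`, `c-uri`, `c-useragent` that the `category: proxy` logsource implies, which presumably matters for backends that map fields by name. Since `falsepositives` is `Unknown` and the level is `critical`, a short note on why this URL shape is specific enough to warrant that level would help triage.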