diff --git a/rules/proxy/proxy_turla_comrat.yml b/rules/proxy/proxy_turla_comrat.yml
new file mode 100644
index 000000000..3a743adb3
--- /dev/null
+++ b/rules/proxy/proxy_turla_comrat.yml
@@ -0,0 +1,19 @@
+title: Turla ComRAT
+id: 7857f021-007f-4928-8b2c-7aedbe64bb82
+status: experimental
+description: Detects Turla ComRAT patterns
+references:
+    - https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf
+author: Florian Roth
+date: 2020/05/26
+tags:
+    - attack.g0010
+logsource:
+    category: proxy
+detection:
+    selection:
+        c-uri|contains: '/index/index.php?h='
+    condition: selection
+falsepositives:
+    - Unknown
+level: critical
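Review bot: The selection `c-uri|contains: '/index/index.php?h='` is a short, generic path fragment, yet the rule ships with `level: critical` and `falsepositives: - Unknown`, so any legitimate site whose front controller lives at that path will produce a critical alert with no triage guidance. Either document the expected false-positive sources (at minimum replace `Unknown` with a note that generic PHP index paths with an `h` query parameter can match) or keep the level at `high` until the pattern has been validated against real proxy telemetry. The description `Detects Turla ComRAT patterns` should state what is actually matched, e.g. `description: Detects a URI pattern used by Turla ComRAT C2 communication as documented in the referenced ESET report`. Since the detection is on web-protocol C2 traffic, the tags could presumably also carry `attack.command_and_control` and `attack.t1071.001` alongside the group tag.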