Network IDS rules

Home/Network IDS rules

IDS / IPS

621 rules · linked to T1027 · Snort / Suricata signatures

Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

◈

Rules

50 shown of 621

et-open trojan-activity

ET MALWARE Perfect Keylogger FTP Initial Install Log Upload (Null obfuscated)

sid 2008327 format suricata

et-open bad-unknown

ET HUNTING http string in hex Possible Obfuscated Exploit Redirect

sid 2012118 format suricata

et-open bad-unknown

ET WEB_CLIENT Obfuscated Javascript // ptth

sid 2012325 format suricata

et-open bad-unknown

ET WEB_CLIENT Obfuscated Javascript // ptth (escaped)

sid 2012326 format suricata

et-open shellcode-detect

ET HUNTING Possible Hex Obfuscated JavaScript Heap Spray 0a0a0a0a

sid 2013267 format suricata

et-open shellcode-detect

ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 0b0b0b0b

sid 2013268 format suricata

et-open shellcode-detect

ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 0c0c0c0c

sid 2013269 format suricata

et-open shellcode-detect

ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 0d0d0d0d

sid 2013270 format suricata

et-open shellcode-detect

ET SHELLCODE Hex Obfuscated JavaScript NOP SLED

sid 2013271 format suricata

et-open shellcode-detect

ET SHELLCODE Unescape Hex Obfuscated Content

sid 2013272 format suricata

et-open shellcode-detect

ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 0a0a0a0a

sid 2013274 format suricata

et-open shellcode-detect

ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 0b0b0b0b

sid 2013275 format suricata

et-open shellcode-detect

ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 0c0c0c0c

sid 2013276 format suricata

et-open shellcode-detect

ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 0d0d0d0d

sid 2013277 format suricata

et-open shellcode-detect

ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript NOP SLED

sid 2013278 format suricata

et-open shellcode-detect

ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 41414141

sid 2013279 format suricata

et-open exploit-kit

ET EXPLOIT_KIT Probable Sakura exploit kit landing page with obfuscated URLs

sid 2015679 format suricata

et-open exploit-kit

ET EXPLOIT_KIT Probable Sakura Java applet with obfuscated URL Sep 21 2012

sid 2015735 format suricata

et-open attempted-user

ET WEB_SERVER Image Content-Type with Obfuscated PHP (Seen with C99 Shell)

sid 2015755 format suricata

et-open exploit-kit

ET EXPLOIT_KIT Sakura/RedKit obfuscated URL

sid 2015858 format suricata

et-open misc-activity

ET ATTACK_RESPONSE Obfuscated JS - Possible URL Encoded JS Inbound

sid 2016132 format suricata

et-open misc-activity

ET ATTACK_RESPONSE Obfuscated JS - URL Encoded Unescape Function Call Inbound

sid 2016134 format suricata

et-open exploit-kit

ET EXPLOIT_KIT Probable Sakura exploit kit landing page obfuscated applet tag Mar 1 2013

sid 2016520 format suricata

et-open exploit-kit

ET EXPLOIT_KIT Probable Sakura exploit kit landing page obfuscated applet tag Mar 28 2013

sid 2016704 format suricata

et-open exploit-kit

ET EXPLOIT_KIT RedKit applet + obfuscated URL Apr 7 2013

sid 2016734 format suricata

et-open exploit-kit

ET EXPLOIT_KIT RedKit/Sakura/CritX/SafePack/FlashPack applet + obfuscated URL Apr 10 2013

sid 2016751 format suricata

et-open exploit-kit

ET EXPLOIT_KIT Sakura obfuscated javascript Jun 1 2013

sid 2016966 format suricata

et-open bad-unknown

ET ATTACK_RESPONSE Obfuscated Eval String 1

sid 2017206 format suricata

et-open bad-unknown

ET ATTACK_RESPONSE Obfuscated Eval String 2

sid 2017207 format suricata

et-open bad-unknown

ET ATTACK_RESPONSE Obfuscated Eval String 3

sid 2017208 format suricata

et-open bad-unknown

ET ATTACK_RESPONSE Obfuscated Eval String 4

sid 2017209 format suricata

et-open bad-unknown

ET ATTACK_RESPONSE Obfuscated Eval String 5

sid 2017210 format suricata

et-open bad-unknown

ET ATTACK_RESPONSE Obfuscated Eval String 6

sid 2017211 format suricata

et-open bad-unknown

ET ATTACK_RESPONSE Obfuscated Eval String (Single Q) 1

sid 2017212 format suricata

et-open bad-unknown

ET ATTACK_RESPONSE Obfuscated Eval String (Single Q) 2

sid 2017213 format suricata

et-open bad-unknown

ET ATTACK_RESPONSE Obfuscated Eval String (Single Q) 3

sid 2017214 format suricata

et-open bad-unknown

ET ATTACK_RESPONSE Obfuscated Eval String (Single Q) 4

sid 2017215 format suricata

et-open bad-unknown

ET ATTACK_RESPONSE Obfuscated Eval String (Single Q) 5

sid 2017216 format suricata

et-open bad-unknown

ET ATTACK_RESPONSE Obfuscated Eval String (Single Q) 6

sid 2017217 format suricata

et-open bad-unknown

ET ATTACK_RESPONSE Obfuscated Eval String (Single Q) 7

sid 2017218 format suricata

et-open bad-unknown

ET ATTACK_RESPONSE Obfuscated Eval String 7

sid 2017219 format suricata

et-open bad-unknown

ET HUNTING Obfuscated Split String (Single Q) 1

sid 2017220 format suricata

et-open bad-unknown

ET HUNTING Obfuscated Split String (Single Q) 2

sid 2017221 format suricata

et-open bad-unknown

ET HUNTING Obfuscated Split String (Single Q) 3

sid 2017222 format suricata

et-open bad-unknown

ET HUNTING Obfuscated Split String (Single Q) 4

sid 2017223 format suricata

et-open bad-unknown

ET HUNTING Obfuscated Split String (Single Q) 5

sid 2017224 format suricata

et-open bad-unknown

ET HUNTING Obfuscated Split String (Single Q) 6

sid 2017225 format suricata

et-open bad-unknown

ET HUNTING Obfuscated Split String (Single Q) 7

sid 2017226 format suricata

et-open bad-unknown

ET HUNTING Obfuscated Split String (Single Q) 8

sid 2017227 format suricata

et-open bad-unknown

ET HUNTING Obfuscated Split String (Single Q) 9

sid 2017228 format suricata

Showing 1-50 of 621

Prev 1 Next

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin