Home/Network IDS rules
IDS / IPS

Network IDS rules

61 rules · linked to T1567 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 61
et-open misc-activity
ET INFO Webhook/HTTP Request Inspection Service Domain (webhook .site in TLS SNI)
sid 2034634 format suricata
et-open bad-unknown
ET INFO Out-of-Band Interaction Domain in DNS Lookup (oast .pro)
sid 2036890 format suricata
et-open bad-unknown
ET INFO Out-of-Band Interaction Domain in DNS Lookup (oast .live)
sid 2036891 format suricata
et-open bad-unknown
ET INFO Out-of-Band Interaction Domain in DNS Lookup (oast .online)
sid 2036892 format suricata
et-open bad-unknown
ET INFO Out-of-Band Interaction Domain in DNS Lookup (oast .fun)
sid 2036893 format suricata
et-open bad-unknown
ET INFO Out-of-Band Interaction Domain in DNS Lookup (oast .me)
sid 2036894 format suricata
et-open misc-activity
ET INFO Webhook/HTTP Request Inspection Service Domain (saucelabs .com in TLS SNI)
sid 2047734 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (x .pipedream .net)
sid 2047735 format suricata
et-open misc-activity
ET INFO Webhook/HTTP Request Inspection Service Domain (x .pipedream .net in TLS SNI)
sid 2047736 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (m .pipedream .net)
sid 2047737 format suricata
et-open misc-activity
ET INFO Webhook/HTTP Request Inspection Service Domain (m .pipedream .net in TLS SNI)
sid 2047738 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (intercept .rest)
sid 2047739 format suricata
et-open misc-activity
ET INFO Webhook/HTTP Request Inspection Service Domain (intercept .rest in TLS SNI)
sid 2047740 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (webhook .site)
sid 2047741 format suricata
et-open misc-activity
ET INFO Webhook/HTTP Request Inspection/Tunneling Service Domain (.free .beeceptor .com in TLS SNI)
sid 2047767 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (.curlhub .io)
sid 2047768 format suricata
et-open misc-activity
ET INFO Webhook/HTTP Request Inspection Service Domain (.curlhub .io in TLS SNI)
sid 2047769 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (.apiary-mock .com)
sid 2047770 format suricata
et-open misc-activity
ET INFO Webhook/HTTP Request Inspection Service Domain (.apiary-mock .com in TLS SNI)
sid 2047771 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (requestbin .cn)
sid 2047772 format suricata
et-open misc-activity
ET INFO HTTP Request to Webhook/HTTP Request Inspection Service Domain (requestbin .cn)
sid 2047773 format suricata
et-open misc-activity
ET INFO Interactsh Domain (.oast .site in TLS SNI)
sid 2047776 format suricata
et-open misc-activity
ET INFO Interactsh Domain (.oast .live in TLS SNI)
sid 2047778 format suricata
et-open misc-activity
ET INFO Interactsh Domain (.oast .pro in TLS SNI)
sid 2047780 format suricata
et-open misc-activity
ET INFO Interactsh Domain in DNS Lookup (.oast .online)
sid 2047781 format suricata
et-open misc-activity
ET INFO Interactsh Domain (.oast .online in TLS SNI)
sid 2047782 format suricata
et-open misc-activity
ET INFO Interactsh Domain (.oast .fun in TLS SNI)
sid 2047784 format suricata
et-open misc-activity
ET INFO Interactsh Domain (.oast .me in TLS SNI)
sid 2047785 format suricata
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (requestinspector .com)
sid 2049156 format suricata
et-open web-application-attack
ET WEB_SPECIFIC_APPS CrushFTP Arbitrary File Read Attempt (CVE-2024-4040)
sid 2052276 format suricata
et-open domain-c2
ET MALWARE Win32/Ailurophile Stealer CnC Domain in DNS Lookup (manestvli .shop)
sid 2057103 format suricata
et-open domain-c2
ET MALWARE Observed Win32/Ailurophile Stealer Domain (manestvli .shop) in TLS SNI
sid 2057104 format suricata
et-open misc-activity
ET INFO Commonly Abused File Sharing Site Domain Observed in DNS Lookup (file .io)
sid 2058005 format suricata
et-open misc-activity
ET INFO Commonly Abused File Sharing Site Domain Observed in DNS Lookup (sharizz .io)
sid 2058006 format suricata
et-open misc-activity
ET INFO Commonly Abused File Sharing Site Domain Observed in DNS Lookup (storj .io)
sid 2058007 format suricata
et-open misc-activity
ET INFO Commonly Abused File Sharing Site Domain Observed in DNS Lookup (bublup .com)
sid 2058008 format suricata
et-open misc-activity
ET INFO Commonly Abused File Sharing Site Domain Observed in DNS Lookup (pcloud .com)
sid 2058009 format suricata
et-open misc-activity
ET INFO Commonly Abused File Sharing Site Domain Observed in DNS Lookup (shz .ai)
sid 2058010 format suricata
et-open misc-activity
ET INFO Observed Commonly Abused File Sharing Site Domain (file .io) in TLS SNI
sid 2058011 format suricata
et-open misc-activity
ET INFO Observed Commonly Abused File Sharing Site Domain (sharizz .io) in TLS SNI
sid 2058012 format suricata
et-open misc-activity
ET INFO Observed Commonly Abused File Sharing Site Domain (storj .io) in TLS SNI
sid 2058013 format suricata
et-open misc-activity
ET INFO Observed Commonly Abused File Sharing Site Domain (bublup .com) in TLS SNI
sid 2058014 format suricata
et-open misc-activity
ET INFO Observed Commonly Abused File Sharing Site Domain (pcloud .com) in TLS SNI
sid 2058015 format suricata
et-open misc-activity
ET INFO Observed Commonly Abused File Sharing Site Domain (shz .ai) in TLS SNI
sid 2058016 format suricata
et-open trojan-activity
ET MALWARE Screenshot Exfiltration via Discord Webhook (POST)
sid 2060517 format suricata
et-open command-and-control
ET MALWARE OtterCookie File Exfiltration M1
sid 2060638 format suricata
et-open trojan-activity
ET MALWARE SvcStealer CNC Tasking Checkin
sid 2061021 format suricata
et-open trojan-activity
ET MALWARE SvcStealer Data Exfiltration Attempt
sid 2061022 format suricata
et-open trojan-activity
ET MALWARE Specter Insight Beacon CnC Checkin M1
sid 2061025 format suricata
et-open misc-activity
ET INFO Anonymous File Sharing Service Domain in DNS Lookup (filemail .com)
sid 2063137 format suricata
Showing 1-50 of 61
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin