Home/Network IDS rules
IDS / IPS

Network IDS rules

102 rules · linked to T1001 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 102
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2
sid 2033658 format suricata
et-open domain-c2
ET MALWARE Observed Cobalt Strike CnC Domain (windowsupdatesc .com in TLS SNI)
sid 2033797 format suricata
et-open domain-c2
ET MALWARE Observed Cobalt Strike CnC Domain (securityupdateav .com in TLS SNI)
sid 2033798 format suricata
et-open domain-c2
ET MALWARE Observed Cobalt Strike CnC Domain (defenderupdateav .com in TLS SNI)
sid 2033799 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Activity (GET)
sid 2033820 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Activity (GET)
sid 2033821 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Beacon Activity (GET)
sid 2033927 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Beacon Activity (GET)
sid 2033928 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Beacon Activity (GET)
sid 2033929 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Beacon Activity (GET)
sid 2033948 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
sid 2033951 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Activity (GET)
sid 2034057 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Activity (GET)
sid 2034081 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Activity (GET)
sid 2034082 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M5
sid 2034463 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Activity (GET)
sid 2034528 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Activity (GET)
sid 2034529 format suricata
et-open domain-c2
ET MALWARE Cobalt Strike CnC Domain in DNS Lookup (a .pwn-t .tk)
sid 2034539 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Activity (GET)
sid 2034540 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Activity (GET)
sid 2034728 format suricata
et-open domain-c2
ET MALWARE Cobalt Strike Related Domain in DNS Lookup (news .networkslaoupdate .com)
sid 2034736 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Related Domain in DNS Lookup (gawocag .com)
sid 2034753 format suricata
et-open domain-c2
ET MALWARE Cobalt Strike Related Domain in DNS Lookup (hiduwu .com)
sid 2034754 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Activity (GET)
sid 2034756 format suricata
et-open command-and-control
ET MALWARE NOBELIUM - Cobalt Strike Malleable Profile M1
sid 2034868 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Activity (GET)
sid 2034941 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Activity (POST)
sid 2035376 format suricata
et-open trojan-activity
ET USER_AGENTS Observed Malicious User-Agent (CobaltStrike)
sid 2035537 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Related Activity (GET)
sid 2035546 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Related Activity (POST)
sid 2035547 format suricata
et-open domain-c2
ET MALWARE Cobalt Strike Related Domain in DNS Lookup (wikipedia-book .vote)
sid 2035652 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Related Activity (GET)
sid 2036632 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Related Activity (GET)
sid 2036675 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Related Activity (GET)
sid 2036676 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Related Activity (GET)
sid 2036677 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Related Activity (GET)
sid 2036678 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Malleable C2 Amazon Profile Variant (GET)
sid 2037096 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M6
sid 2037154 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Activity (GET)
sid 2037735 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Related Activity (GET)
sid 2037745 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Activity (GET)
sid 2039801 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Related Activity (GET)
sid 2042885 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Related Activity (GET)
sid 2042886 format suricata
et-open trojan-activity
ET MALWARE Win32/Cobalt Strike CnC Activity M1
sid 2050421 format suricata
et-open trojan-activity
ET MALWARE Win32/Cobalt Strike CnC Activity M2
sid 2050422 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike CnC Activity (GET)
sid 2052312 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Malleable C2 (Amazon Profile)
sid 2055356 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Malleable C2 (Google Drive Profile)
sid 2055358 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Malleable C2 (MSNBC Video Profile)
sid 2055379 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Malleable C2 (Pandora Profile)
sid 2055382 format suricata
Showing 51-100 of 102
Prev 2 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin