Home/Network IDS rules
IDS / IPS

Network IDS rules

89 rules · linked to T1005 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

39 shown of 89
et-open trojan-activity
ET MALWARE Valkyrie Stealer Data Exfiltration Attempt M1
sid 2065380 format suricata
et-open trojan-activity
ET MALWARE Shark Stealer CnC Checkin
sid 2065384 format suricata
et-open trojan-activity
ET MALWARE Valkyrie Stealer Data Exfiltration Attempt M2
sid 2065385 format suricata
et-open trojan-activity
ET MALWARE MEOWBACKCONN CnC Checkin
sid 2065637 format suricata
et-open trojan-activity
ET MALWARE WallStealer User-Agent Observed (SystemInfo Client)
sid 2065822 format suricata
et-open trojan-activity
ET MALWARE WallStealer CnC Checkin - System Information
sid 2065823 format suricata
et-open trojan-activity
ET MALWARE WallStealer CnC Checkin - Data Exfiltration
sid 2065824 format suricata
et-open trojan-activity
ET MALWARE WallStealer CnC Checkin - get_dll Request
sid 2065825 format suricata
et-open trojan-activity
ET MALWARE WallStealer CnC Response M1
sid 2065826 format suricata
et-open trojan-activity
ET MALWARE WallStealer CnC Response M2
sid 2065827 format suricata
et-open trojan-activity
ET MALWARE WallStealer CnC Response M3
sid 2065828 format suricata
et-open domain-c2
ET MALWARE WallStealer CnC Domain in DNS Lookup (defender-temeerty .sbs)
sid 2065829 format suricata
et-open domain-c2
ET MALWARE WallStealer CnC Domain in DNS Lookup (telemetry-defender .lol)
sid 2065830 format suricata
et-open domain-c2
ET MALWARE Observed WallStealer Domain (defender-temeerty .sbs in TLS SNI)
sid 2065831 format suricata
et-open domain-c2
ET MALWARE Observed WallStealer Domain (telemetry-defender .lol in TLS SNI)
sid 2065832 format suricata
et-open domain-c2
ET MALWARE Arkanix Stealer CnC Domain in DNS Lookup (arkanix .pw)
sid 2065833 format suricata
et-open domain-c2
ET MALWARE Observed Arkanix Stealer Domain (arkanix .pw in TLS SNI)
sid 2065834 format suricata
et-open trojan-activity
ET MALWARE Arkanix Stealer CnC Checkin
sid 2065835 format suricata
et-open trojan-activity
ET MALWARE Arkanix Stealer CnC Response M1
sid 2065836 format suricata
et-open trojan-activity
ET MALWARE Arkanix Stealer Data Exfiltration Attempt
sid 2065837 format suricata
et-open trojan-activity
ET MALWARE OtterCookie File Exfiltration M2
sid 2065863 format suricata
et-open trojan-activity
ET MALWARE OtterCookie CnC Checkin Response
sid 2065866 format suricata
et-open trojan-activity
ET MALWARE WallStealer Data Exfiltration Attempt over Telegram
sid 2065905 format suricata
et-open trojan-activity
ET MALWARE SantaStealer Data Exfiltration Attempt
sid 2066336 format suricata
et-open trojan-activity
ET MALWARE Marco Stealer Data Exfiltration Attempt
sid 2067367 format suricata
et-open trojan-activity
ET MALWARE Odyssey Stealer CnC Checkin
sid 2067743 format suricata
et-open trojan-activity
ET MALWARE Odyssey Stealer Tasking Request
sid 2067744 format suricata
et-open trojan-activity
ET MALWARE Odyssey Stealer Repeat Request
sid 2067759 format suricata
et-open trojan-activity
ET MALWARE Odyssey Stealer Data Exfiltration Attempt
sid 2067760 format suricata
et-open trojan-activity
ET MALWARE zgRAT / PureLogs Stealer CnC ping Request
sid 2067921 format suricata
et-open trojan-activity
ET MALWARE zgRAT / Purelogs Stealer plugin Request
sid 2067922 format suricata
et-open trojan-activity
ET MALWARE zgRAT / PureLogs Stealer userinfo Request
sid 2067923 format suricata
et-open trojan-activity
ET MALWARE PureLogs Stealer browser Request
sid 2067924 format suricata
et-open trojan-activity
ET MALWARE PureLogs Stealer discord Request
sid 2067925 format suricata
et-open trojan-activity
ET MALWARE PureLogs Stealer filesearch Request
sid 2067926 format suricata
et-open trojan-activity
ET MALWARE PureLogs Stealer finish Request
sid 2067927 format suricata
et-open trojan-activity
ET MALWARE Sentinel Stealer Data Exfiltration Attempt
sid 2068181 format suricata
et-open trojan-activity
ET MALWARE CripStealer Data Exfiltration Attempt
sid 2068723 format suricata
et-open trojan-activity
ET MALWARE LedgerCheck User-Agent Observed
sid 2069190 format suricata
Showing 51-89 of 89
Prev 2 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin