Network IDS rules

621 rules · linked to T1027 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire.

Rules

50 shown of 621
et-open · bad-unknown · ET HUNTING Obfuscated Split String (Single Q) 10 · sid 2017229 · format suricata
et-open · bad-unknown · ET HUNTING Obfuscated Split String (Single Q) 11 · sid 2017230 · format suricata
et-open · bad-unknown · ET HUNTING Obfuscated Split String (Single Q) 12 · sid 2017231 · format suricata
et-open · bad-unknown · ET HUNTING Obfuscated Split String (Single Q) 13 · sid 2017232 · format suricata
et-open · bad-unknown · ET HUNTING Obfuscated Split String (Double Q) 1 · sid 2017233 · format suricata
et-open · bad-unknown · ET HUNTING Obfuscated Split String (Double Q) 2 · sid 2017234 · format suricata
et-open · bad-unknown · ET HUNTING Obfuscated Split String (Double Q) 3 · sid 2017235 · format suricata
et-open · bad-unknown · ET HUNTING Obfuscated Split String (Double Q) 4 · sid 2017236 · format suricata
et-open · bad-unknown · ET HUNTING Obfuscated Split String (Double Q) 5 · sid 2017237 · format suricata
et-open · bad-unknown · ET HUNTING Obfuscated Split String (Double Q) 6 · sid 2017238 · format suricata
et-open · bad-unknown · ET HUNTING Obfuscated Split String (Double Q) 7 · sid 2017239 · format suricata
et-open · bad-unknown · ET HUNTING Obfuscated Split String (Double Q) 8 · sid 2017240 · format suricata
et-open · bad-unknown · ET HUNTING Obfuscated Split String (Double Q) 9 · sid 2017241 · format suricata
et-open · bad-unknown · ET HUNTING Obfuscated Split String (Double Q) 10 · sid 2017242 · format suricata
et-open · bad-unknown · ET HUNTING Obfuscated Split String (Double Q) 11 · sid 2017243 · format suricata
et-open · bad-unknown · ET HUNTING Obfuscated Split String (Double Q) 12 · sid 2017244 · format suricata
et-open · bad-unknown · ET HUNTING Obfuscated Split String (Double Q) 13 · sid 2017245 · format suricata
sid 2019324 · format suricata
et-open · attempted-user · ET WEB_CLIENT Possible Internet Explorer VBscript failure to handle error case information disclosure obfuscated CVE-2014-6332 · sid 2019715 · format suricata
et-open · trojan-activity · ET MALWARE [PTsecurity] Possible Malicious (HTA-VBS-PowerShell) obfuscated command · sid 2025558 · format suricata
et-open · bad-unknown · ET HUNTING Possible RTF File With Obfuscated Version Header · sid 2026863 · format suricata
sid 2027787 · format suricata
et-open · exploit-kit · ET EXPLOIT_KIT Obfuscated LordEK Landing M2 · sid 2027791 · format suricata
et-open · social-engineering · ET PHISHING Obfuscated Phishing Landing 2015-11-05 · sid 2031698 · format suricata
et-open · social-engineering · ET PHISHING Possible Base64 Obfuscated Phishing Landing 2015-11-30 · sid 2031906 · format suricata
et-open · social-engineering · ET PHISHING Am3Refh Obfuscated Phishing Landing 2016-02-23 · sid 2032371 · format suricata
et-open · social-engineering · ET PHISHING Obfuscated Chase Phishing Landing 2016-03-23 · sid 2032375 · format suricata
et-open · social-engineering · ET PHISHING Obfuscated Phishing Landing 2016-12-19 · sid 2032415 · format suricata
et-open · misc-attack · ET ATTACK_RESPONSE Obfuscated Batch Script Inbound M1 · sid 2034183 · format suricata
et-open · misc-attack · ET ATTACK_RESPONSE Obfuscated Batch Script Inbound M2 · sid 2034184 · format suricata
sid 2034755 · format suricata
et-open · misc-activity · ET HUNTING HTTP GET Request XOR Key 01 · sid 2037965 · format suricata
et-open · misc-activity · ET HUNTING HTTP GET Request XOR Key 02 · sid 2037966 · format suricata
et-open · misc-activity · ET HUNTING HTTP GET Request XOR Key 03 · sid 2037967 · format suricata
et-open · misc-activity · ET HUNTING HTTP GET Request XOR Key 04 · sid 2037968 · format suricata
et-open · misc-activity · ET HUNTING HTTP GET Request XOR Key 05 · sid 2037969 · format suricata
et-open · misc-activity · ET HUNTING HTTP GET Request XOR Key 06 · sid 2037970 · format suricata
et-open · misc-activity · ET HUNTING HTTP GET Request XOR Key 07 · sid 2037971 · format suricata
et-open · misc-activity · ET HUNTING HTTP GET Request XOR Key 08 · sid 2037972 · format suricata
et-open · misc-activity · ET HUNTING HTTP GET Request XOR Key 09 · sid 2037973 · format suricata
et-open · misc-activity · ET HUNTING HTTP GET Request XOR Key 0a · sid 2037974 · format suricata
et-open · misc-activity · ET HUNTING HTTP GET Request XOR Key 0b · sid 2037975 · format suricata
et-open · misc-activity · ET HUNTING HTTP GET Request XOR Key 0c · sid 2037976 · format suricata
et-open · misc-activity · ET HUNTING HTTP GET Request XOR Key 0d · sid 2037977 · format suricata
et-open · misc-activity · ET HUNTING HTTP GET Request XOR Key 0e · sid 2037978 · format suricata
et-open · misc-activity · ET HUNTING HTTP GET Request XOR Key 0f · sid 2037979 · format suricata
et-open · misc-activity · ET HUNTING HTTP GET Request XOR Key 10 · sid 2037980 · format suricata
et-open · misc-activity · ET HUNTING HTTP GET Request XOR Key 11 · sid 2037981 · format suricata
et-open · misc-activity · ET HUNTING HTTP GET Request XOR Key 12 · sid 2037982 · format suricata
et-open · misc-activity · ET HUNTING HTTP GET Request XOR Key 13 · sid 2037983 · format suricata
Showing 51-100 of 621
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin