Home/Network IDS rules
IDS / IPS

Network IDS rules

926 rules · linked to T1041 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 926
et-open command-and-control
ET MOBILE_MALWARE Android/FakeAhnAV.A CnC Beacon
sid 2017466 format suricata
et-open command-and-control
ET MALWARE W32/Downloader.Mevade.FBV CnC Beacon
sid 2017490 format suricata
et-open command-and-control
ET MOBILE_MALWARE Android/Opfake.A GetTask CnC Beacon
sid 2017587 format suricata
et-open command-and-control
ET MOBILE_MALWARE Android/Opfake.A Country CnC Beacon
sid 2017588 format suricata
et-open command-and-control
ET MALWARE W32/Kegotip CnC Beacon
sid 2017627 format suricata
et-open command-and-control
ET MALWARE W32/Citadel.Arx Variant CnC Beacon 1
sid 2017690 format suricata
et-open command-and-control
ET MALWARE W32/Citadel.Arx Varient CnC Beacon 2
sid 2017691 format suricata
et-open command-and-control
ET MALWARE Trojan.BlackRev Botnet Monitor Request CnC Beacon
sid 2017717 format suricata
et-open command-and-control
ET MALWARE Trojan.BlackRev Botnet Command Request CnC Beacon
sid 2017723 format suricata
et-open command-and-control
ET MOBILE_MALWARE Android.KorBanker Fake Banking App Install CnC Beacon
sid 2017787 format suricata
et-open targeted-activity
ET MALWARE W32/Ke3chang.MovieStar.APT Campaign CnC Beacon
sid 2017855 format suricata
et-open targeted-activity
ET MALWARE W32/Ke3chang.Snake.APT Campaign CnC Beacon
sid 2017856 format suricata
et-open targeted-activity
ET MALWARE W32/Ke3chang.MyWeb.APT Campaign CnC Beacon
sid 2017857 format suricata
et-open targeted-activity
ET MALWARE W32/Ke3chang.BMW.APT Campaign CnC Beacon
sid 2017858 format suricata
et-open targeted-activity
ET MALWARE W32/Ke3chang.Dream.APT Campaign CnC Beacon 2
sid 2017859 format suricata
et-open targeted-activity
ET MALWARE W32/Ke3chang.MyWeb.APT Eourdegh Campaign CnC Beacon
sid 2017860 format suricata
et-open command-and-control
ET MALWARE W32/Liftoh.Downloader Feed404 CnC Beacon
sid 2017867 format suricata
et-open command-and-control
ET MALWARE W32/Liftoh.Downloader Images CnC Beacon
sid 2017868 format suricata
et-open pup-activity
ET ADWARE_PUP W32/Linkular.Adware Successful Install Beacon
sid 2017880 format suricata
et-open pup-activity
ET ADWARE_PUP W32/InstallRex.Adware Initial CnC Beacon
sid 2017911 format suricata
et-open pup-activity
ET ADWARE_PUP W32/InstallRex.Adware Report CnC Beacon
sid 2017912 format suricata
et-open command-and-control
ET MALWARE W32/Ferret DDOS Bot CnC Beacon 2
sid 2017917 format suricata
et-open command-and-control
ET MOBILE_MALWARE Android/HeHe.Spy RegisterRequest CnC Beacon
sid 2018000 format suricata
et-open command-and-control
ET MOBILE_MALWARE Android/HeHe.Spy LoginRequest CnC Beacon
sid 2018001 format suricata
et-open command-and-control
ET MOBILE_MALWARE Android/HeHe.Spy ReportRequest CnC Beacon
sid 2018002 format suricata
et-open command-and-control
ET MOBILE_MALWARE Android/HeHe.Spy GetTaskRequest CnC Beacon
sid 2018003 format suricata
et-open command-and-control
ET MALWARE W32/LockscreenBEI.Scareware Cnc Beacon
sid 2018023 format suricata
et-open command-and-control
ET MALWARE W32/Neverquest.InfoStealer Configuration Request CnC Beacon
sid 2018047 format suricata
et-open command-and-control
ET MALWARE W32/Kbot.Backdoor Variant CnC Beacon
sid 2018078 format suricata
et-open command-and-control
ET RETIRED W32.Blackshades/Shadesrat Backdoor CnC Beacon
sid 2018079 format suricata
et-open command-and-control
ET MALWARE W32/Asprox.ClickFraudBot CnC Beacon
sid 2018096 format suricata
et-open command-and-control
ET MALWARE W32/Asprox.ClickFraudBot CnC Beacon Acknowledgement
sid 2018097 format suricata
et-open command-and-control
ET MALWARE W32/Asprox.ClickFraudBot POST CnC Beacon
sid 2018098 format suricata
et-open command-and-control
ET MALWARE W32/Rshot.Backdoor File Upload CnC Beacon
sid 2018100 format suricata
et-open command-and-control
ET MALWARE W32/Dinwod.Dropper Win32/Xtrat.B CnC Beacon
sid 2018101 format suricata
et-open trojan-activity
ET MOBILE_MALWARE Android/FakeKakao checkin 1
sid 2018138 format suricata
et-open trojan-activity
ET MOBILE_MALWARE Android/FakeKakao checkin 2
sid 2018139 format suricata
et-open trojan-activity
ET MOBILE_MALWARE Android/FakeKakao checkin 3
sid 2018140 format suricata
et-open command-and-control
ET MALWARE W32/Dadobra.Downloader/DNSChanger Dnsmake CnC Beacon
sid 2018150 format suricata
et-open command-and-control
ET ADWARE_PUP RelevantKnowledge Adware CnC Beacon
sid 2018174 format suricata
et-open command-and-control
ET MALWARE Zeus.Downloader Campaign Unknown Initial CnC Beacon
sid 2018183 format suricata
et-open command-and-control
ET MALWARE W32/Qakbot.Bot Version 8 CnC Beacon
sid 2018204 format suricata
et-open policy-violation
ET POLICY W32/Installiq.Adware Install Information Beacon
sid 2018210 format suricata
et-open command-and-control
ET MALWARE W32/PointOfSales.Misc CnC Beacon
sid 2018249 format suricata
et-open pup-activity
ET ADWARE_PUP W32/Linkular.Adware Successful Install Beacon (2)
sid 2018323 format suricata
et-open pup-activity
ET ADWARE_PUP SoundCloud Downloader Install Beacon
sid 2018324 format suricata
et-open command-and-control
ET MALWARE W32/SpeedingUpMyPC.Rootkit Install CnC Beacon
sid 2018331 format suricata
et-open command-and-control
ET MALWARE W32/SpeedingUpMyPC.Rootkit CnC Beacon
sid 2018332 format suricata
et-open command-and-control
ET MALWARE W32/SpeedingUpMyPC.Rootkit Successful Install GET Type CnC Beacon
sid 2018345 format suricata
et-open pup-activity
ET ADWARE_PUP W32/PullUpdate.Adware CnC Beacon
sid 2018368 format suricata
Showing 51-100 of 926
Prev 2 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin