Home/Network IDS rules
IDS / IPS

Network IDS rules

6,117 rules · linked to T1071 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 6,117
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
sid 2026600 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)
sid 2026601 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 5 Staging Domain)
sid 2026603 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Ursnif Inject Domain)
sid 2026615 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
sid 2026616 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (APT29)
sid 2026618 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (StrongPity Domain)
sid 2026666 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (StrongPity Domain)
sid 2026667 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (StrongPity Domain)
sid 2026668 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (StrongPity Domain)
sid 2026669 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (POWERSTATS Proxy CnC)
sid 2026678 format suricata
et-open command-and-control
ET MALWARE Observed MongoLock Variant CnC Domain (s .rapid7 .xyz in TLS SNI)
sid 2026722 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (SedUploader)
sid 2026757 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ServHelper RAT CnC)
sid 2026767 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
sid 2026769 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
sid 2026770 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
sid 2026771 format suricata
et-open command-and-control
ET MALWARE Observed Awad Bot CnC Domain (hawad .000webhostapp .com in TLS SNI)
sid 2026799 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)
sid 2026800 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)
sid 2026801 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)
sid 2026802 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)
sid 2026803 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)
sid 2026804 format suricata
et-open command-and-control
ET MALWARE Observed Cryptor Ransomware CnC Domain (e3kok4ekzalzapsf .onion .ws in TLS SNI)
sid 2026806 format suricata
et-open command-and-control
ET MALWARE Observed TrumpHead Ransomware CnC Domain (6bbsjnrzv2uvp7bp .onion .pet in TLS SNI)
sid 2026807 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (POWERRATANKBA CnC)
sid 2026817 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
sid 2026819 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
sid 2026820 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Donot Group/APT-C-35 CnC)
sid 2026859 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
sid 2026861 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Zepakab CnC)
sid 2026864 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
sid 2026869 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
sid 2026870 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
sid 2026871 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
sid 2026873 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
sid 2026874 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
sid 2026875 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (LazarusGroup CnC)
sid 2026944 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 11 CnC)
sid 2026997 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2026999 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2027000 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2027001 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2027002 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2027003 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2027004 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2027005 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2027006 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2027008 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2027009 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2027010 format suricata
Showing 51-100 of 6,117
Prev 2 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin