Network IDS rules

84 rules · linked to T1105 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire.

Rules

34 shown of 84
sid 2068435 format suricata
sid 2068472 format suricata
sid 2068473 format suricata
et-open trojan-activity
ET MALWARE Crpx0 Ransomware Payload Request M1
sid 2068503 format suricata
et-open trojan-activity
ET MALWARE Crpx0 Ransomware Payload Request M2
sid 2068504 format suricata
et-open trojan-activity
ET MALWARE Crpx0 Ransomware Payload Request M3
sid 2068505 format suricata
et-open trojan-activity
ET MALWARE Crpx0 Ransomware Payload Request M4
sid 2068506 format suricata
et-open trojan-activity
ET MALWARE Crpx0 Ransomware Payload Inbound M1
sid 2068507 format suricata
et-open trojan-activity
ET MALWARE Crpx0 Ransomware Payload Inbound M2
sid 2068508 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE Crpx0 Ransomware Payload Inbound (Mac_pro_build)
sid 2068538 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE Crpx0 Ransomware Payload Inbound (Launcher)
sid 2068539 format suricata
sid 2068604 format suricata
sid 2068605 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Secondary Payload Request (GET)
sid 2069218 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Secondary Payload Request (GET)
sid 2069219 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Secondary Payload Request (GET)
sid 2069220 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Secondary Payload Request (GET)
sid 2069221 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Secondary Payload Request (GET)
sid 2069222 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Secondary Payload Request (GET)
sid 2069225 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Secondary Payload Request (GET)
sid 2069226 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Secondary Payload Request (GET)
sid 2069227 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Secondary Payload Request (GET)
sid 2069228 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Secondary Payload Request (GET)
sid 2069229 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Secondary Payload Request (GET)
sid 2069230 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Secondary Payload Request (GET)
sid 2069231 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Secondary Payload Request (GET)
sid 2069232 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Secondary Payload Request (GET)
sid 2069233 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Secondary Payload Request (GET)
sid 2069234 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Secondary Payload Request (GET)
sid 2069235 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Secondary Payload Request (GET)
sid 2069236 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE EtherHiding Payload Delivery Script Observed Inbound
sid 2069279 format suricata
sid 2069301 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE RMM Payload Delivery Page Observed
sid 2069333 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE ScreenConnect RMM Payload Delivered via Fake Docusign Page
sid 2069334 format suricata
Showing 51-84 of 84
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin